CVE-2022-28671: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-28671) was discovered in Foxit PDF Reader that allows remote attackers to execute arbitrary code. The vulnerability was disclosed on May 12, 2022, and affects the handling of Doc objects in Foxit PDF Reader. The issue received a CVSS score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (ZDI Advisory).

The vulnerability exists within the handling of Doc objects in Foxit PDF Reader. The specific flaw results from the lack of validating the existence of an object prior to performing operations on the object. This validation issue can lead to use-after-free conditions where the application attempts to use memory that has already been freed (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score of 7.8 indicates severe potential impact on the confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Foxit has issued an update to correct this vulnerability. Users are advised to update to the latest version of the software through the vendor's official website. More details about the fix can be found in Foxit's security bulletins (ZDI Advisory, Foxit Security Bulletins).