CVE-2022-28681: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-28681 is a vulnerability discovered in Foxit PDF Reader that was disclosed on May 12th, 2022. The vulnerability affects the deletePages method in the software and is classified as an Out-Of-Bounds Read Information Disclosure vulnerability (ZDI Advisory).

The vulnerability exists within the deletePages method of Foxit PDF Reader. When specific actions are performed using JavaScript, it can trigger a read operation past the end of an allocated object. The vulnerability has been assigned a CVSS v3.1 score of 2.5 (Low) with the vector string: AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, indicating local access, high attack complexity, and low confidentiality impact (ZDI Advisory).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. While the direct impact is limited to information disclosure, the vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Foxit has released an update to correct this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version available through the official website (ZDI Advisory).