CVE-2022-32774: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2022-32774) was discovered in the JavaScript engine of Foxit Software's PDF Reader version 12.0.1.12430. The vulnerability was discovered by Aleksandar Nikolic of Cisco Talos and publicly disclosed on November 10, 2022. The vulnerability affects Foxit Reader's JavaScript functionality, which is used for interactive documents and dynamic forms (Talos Report).

The vulnerability exists in the way Foxit Reader handles certain events of form elements, such as text fields or buttons. By prematurely deleting objects associated with pages, a specially-crafted PDF document can trigger the reuse of previously freed memory. The vulnerability has been assigned a CVSSv3 score of 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is classified as CWE-416 (Use After Free). Technical analysis revealed that the freed object was of size 0x5c, and the dereference occurs as part of a vtable function call, which enables straightforward control flow hijacking (Talos Report).

The vulnerability can lead to arbitrary code execution on affected systems. Since additional JavaScript code can be executed between object free and reuse, freed memory could be put under attacker control. With careful memory layout manipulation, this can lead to memory corruption and ultimately arbitrary code execution (Talos Report, SecurityWeek).

Foxit released version 12.0.1.12430 of its PDF reader to address this vulnerability. Users are advised to update to the latest software iteration as soon as possible (SecurityWeek).