CVE-2022-34873: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-34873 is a vulnerability discovered in Foxit PDF Reader that affects the handling of Annotation objects. The vulnerability was reported on April 1, 2022, and publicly disclosed on July 7, 2022. This security flaw affects various versions of Foxit PDF Reader and Foxit PDF Editor (previously named Foxit PhantomPDF) on Windows platforms (ZDI Advisory).

The vulnerability is classified with a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a low severity level. The specific flaw exists within the handling of Annotation objects, where performing actions in JavaScript can trigger a read past the end of an allocated object. This vulnerability requires user interaction to exploit, as the target must visit a malicious page or open a malicious file (ZDI Advisory).

When successfully exploited, this vulnerability can lead to information disclosure on affected installations of Foxit PDF Reader. The attacker can leverage this vulnerability in conjunction with other vulnerabilities to potentially execute arbitrary code in the context of the current process (ZDI Advisory).

Foxit has released updates to address this vulnerability. Users are advised to update their Foxit PDF Reader and Foxit PDF Editor installations to the latest versions. The fix was implemented in multiple versions including Foxit PDF Editor 12 (12.0.1.12430) (ManageEngine).