CVE-2022-37380: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-37380 is a vulnerability discovered in Foxit PDF Reader version 11.2.1.53537. The vulnerability allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (NVD, ZDI Advisory).

The vulnerability exists within the handling of ADBC objects. The specific flaw involves an out-of-bounds read vulnerability (CWE-125) that occurs when performing actions in JavaScript. By triggering these actions, an attacker can cause a read past the end of an allocated object. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

The vulnerability allows attackers to disclose sensitive information from the affected system. Additionally, attackers can potentially leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Foxit has released updates to address this vulnerability. Users should update their installations to the latest version available through the vendor's website. The vulnerability was fixed in subsequent releases of the software (Foxit Security Bulletin).