CVE-2022-37382: 
Foxit PDF Reader vulnerability analysis and mitigation

A remote information disclosure vulnerability (CVE-2022-37382) was discovered in Foxit PDF Reader 11.2.1.53537. The vulnerability exists within the removeIcon method and stems from the lack of validating the existence of an object prior to performing operations on it. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (Zero Day Initiative).

The vulnerability is tracked as CVE-2022-37382 with a CVSS v3.1 base score of 5.5 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) according to NVD, while Zero Day Initiative rates it at 3.3 LOW (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). The specific flaw exists within the removeIcon method where the application fails to validate the existence of an object before performing operations on it (NVD, Zero Day Initiative).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. When exploited in conjunction with other vulnerabilities, an attacker could potentially execute arbitrary code in the context of the current process (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users should update to the latest version of the software. The fix is available through Foxit's security bulletin (Foxit Security Bulletin).