CVE-2022-37383: 
Foxit PDF Reader vulnerability analysis and mitigation

CVE-2022-37383 is a vulnerability discovered in Foxit PDF Reader version 11.2.1.53537. The vulnerability allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability, specifically requiring the target to visit a malicious page or open a malicious file (Zero Day Initiative).

The vulnerability exists within the handling of Doc objects in Foxit PDF Reader. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (LOW) with the vector string CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified as CWE-125: Out-of-bounds Read (Zero Day Initiative).

The vulnerability allows attackers to disclose sensitive information. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to potentially execute arbitrary code in the context of the current process (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users should update their Foxit PDF Reader to a version newer than 11.2.1.53537. The fix is available through the vendor's security bulletin (Foxit Security Bulletins).