CVE-2022-37386: 
Foxit PDF Reader vulnerability analysis and mitigation

The vulnerability (CVE-2022-37386) affects Foxit PDF Reader version 11.2.2.53575. This information disclosure vulnerability was discovered and reported to Foxit, with public disclosure occurring on August 5th, 2022. The vulnerability specifically exists within the resetForm method of the PDF Reader's AcroForm functionality (Zero Day Initiative).

The vulnerability is an Out-Of-Bounds Read issue that occurs within the resetForm method. When processing JavaScript actions, the application can trigger a read past the end of an allocated object. The vulnerability has been assigned a CVSS v3.1 score of 3.3 (Low) with the vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (Zero Day Initiative).

The vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. An attacker can leverage this vulnerability in conjunction with other vulnerabilities to potentially execute arbitrary code in the context of the current process (Zero Day Initiative).

Foxit has released security updates to address this vulnerability. Users should update their Foxit PDF Reader installations to the latest version. The fix was made available through Foxit's security bulletin (Foxit Security Bulletins).