CVE-2022-34875: CWE-125: Out-of-bounds Read in Foxit PDF Reader
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16981.
AI Analysis
Technical Summary
CVE-2022-34875 is a security vulnerability identified in Foxit PDF Reader version 11.2.1.53537. The flaw is classified as an out-of-bounds read (CWE-125) occurring during the handling of ADBC objects within the application. Specifically, the vulnerability arises when JavaScript embedded in a PDF document or a malicious webpage manipulates these ADBC objects, causing the program to read memory beyond the allocated bounds of an object. This can lead to the disclosure of sensitive information from the process memory. Exploitation requires user interaction, such as opening a malicious PDF file or visiting a crafted webpage that triggers the vulnerability. While the vulnerability itself primarily results in information disclosure, it can be chained with other vulnerabilities to achieve arbitrary code execution within the context of the Foxit PDF Reader process. The CVSS 3.0 base score is 3.3, indicating a low severity level, with the attack vector being local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but user interaction is necessary (UI:R). The impact is limited to confidentiality (C:L), with no direct effect on integrity or availability. No known exploits have been reported in the wild, and no patches were linked in the provided data, suggesting that mitigation may rely on vendor updates or workarounds. This vulnerability was tracked by the Zero Day Initiative as ZDI-CAN-16981 and is publicly disclosed as of July 18, 2022.
Potential Impact
For European organizations, the primary impact of CVE-2022-34875 is the potential leakage of sensitive information through out-of-bounds memory reads when users open malicious PDF files or visit compromised web pages. While the direct impact is limited to confidentiality, the possibility of combining this vulnerability with others to execute arbitrary code raises concerns about system compromise, data theft, or lateral movement within networks. Organizations handling sensitive or confidential documents in PDF format, especially those using Foxit PDF Reader version 11.2.1.53537, may be at risk. The requirement for user interaction reduces the likelihood of widespread automated exploitation but does not eliminate targeted attacks, particularly spear-phishing campaigns leveraging malicious PDFs. The low CVSS score reflects limited impact and exploitation complexity; however, the strategic importance of document security in sectors such as finance, government, and critical infrastructure in Europe means that even low-severity vulnerabilities warrant attention. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation attempts.
Mitigation Recommendations
- Upgrade Foxit PDF Reader to the latest available version beyond 11.2.1.53537 where this vulnerability is addressed.
- Monitor Foxit's official channels for patches or security advisories related to this issue.
- Implement strict email filtering and attachment scanning to detect and block malicious PDF files, especially those containing embedded JavaScript.
- Disable JavaScript execution within Foxit PDF Reader where possible, as the vulnerability is triggered via JavaScript manipulation of ADBC objects.
- Educate users on the risks of opening unsolicited or unexpected PDF attachments and visiting untrusted websites to reduce the likelihood of triggering the vulnerability.
- Employ endpoint detection and response (EDR) solutions capable of monitoring anomalous behavior in PDF reader processes, which may indicate exploitation attempts.
- Use application whitelisting and sandboxing techniques to limit the impact of potential code execution if the vulnerability is chained with others.
- Regularly review and update security policies related to document handling and software usage to ensure compliance with best practices.
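The attachment-scanning recommendation can be sketched as a static triage pass that looks for script-related PDF names and references to the ADBC object, including names hidden behind `#xx` escapes and scripts stored in Flate-compressed streams. This is an added example, not code from Foxit or from this advisory; the verdict labels, function names and sample bytes are assumptions constructed for illustration.

```python
import re
import zlib

# PDF names can hide letters as #xx hex escapes, e.g. /J#61vaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
_ACTION_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")


def _normalize(data: bytes) -> bytes:
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _inflated_streams(data: bytes):
    """Yield Flate-decoded stream bodies; skip streams that do not inflate."""
    for match in _STREAM.finditer(data):
        try:
            yield zlib.decompress(match.group(1))
        except zlib.error:
            continue


def triage_pdf(data: bytes) -> dict:
    """Report script-related names and ADBC references in a PDF's bytes."""
    names, adbc = set(), False
    for view in [data, *_inflated_streams(data)]:
        text = _normalize(view)
        for name in _ACTION_NAMES:
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", text):
                names.add(name.decode())
        adbc = adbc or re.search(rb"\bADBC\b", text) is not None
    has_js = bool(names & {"/JS", "/JavaScript"})
    verdict = "block" if has_js and adbc else "quarantine" if has_js else "allow"
    return {"names": sorted(names), "adbc": adbc, "verdict": verdict}


# Constructed samples (not real-world files): a harmless script mentioning ADBC.
_SCRIPT = b"app.alert(typeof ADBC);"
PLAIN = b"%PDF-1.7\n1 0 obj\n<< /S /J#61vaScript /JS (" + _SCRIPT + b") >>\nendobj\n"
PACKED = (b"%PDF-1.7\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(_SCRIPT) + b"\nendstream\nendobj\n")
CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("packed", PACKED), ("clean", CLEAN)):
        print(label, triage_pdf(sample))
```

The pass only inflates Flate streams, so encrypted documents or scripts behind other filters should be routed to a full PDF parser or sandbox rather than treated as clean.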
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2022-06-30T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 682d983cc4522896dcbee912
Added to database: 5/21/2025, 9:09:16 AM
Last enriched: 6/25/2025, 2:34:20 AM
Last updated: 8/14/2025, 9:32:12 PM