Foxit Reader

What's new in this version:

- Addressed potential issues where the application could be exposed to Memory Corruption vulnerability and crash when exporting certain PDF files to other formats. This occurs due to the access violation, which could be exploited by attackers to execute remote code.
- Addressed potential issues where the application could be exposed to Denial of Service vulnerability and crash when handling certain XFA forms or link objects. This is caused by stack overflow as there are too many levels or dead loops during the recursive call of functions.
- Addressed potential issues where the application could be exposed to Denial of Service, Null Pointer Reference, Out-of-Bounds Read, Context Level Bypass, Type Confusion, or Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code. This occurs during the implementation of certain functions in JavaScript due to the use of incorrect parameters or objects without proper validation.
- Addressed a potential issue where the application could be exposed to Arbitrary File Deletion vulnerability due to improper access control. Local attackers could exploit this vulnerability to create a symbolic link and cause arbitrary files to be deleted once the application is uninstalled by an admin user.
- Addressed a potential issue where the application could deliver incorrect signature information for certain PDF files that contained invisible digital signatures. This occurs as the application gets the certificate name in an incorrect order and displays the document owner as the signature author by mistake.
- Addressed potential issues where the application could be exposed to DLL Hijacking vulnerability when it was launched, which could be exploited by attackers to execute remote code by placing a malicious DLL in the specified path directory. This occurs due to the improper behavior while loading libraries, including loading the libraries in the installation directory as precedence when loading system libraries, loading the libraries that are disguised as system libraries in the installation folder without proper validation, and failing to use the fully qualified paths when loading external libraries.
- Addressed potential issues where the application could be exposed to Out-of-Bounds Write/Read Remote Code Execution or Information Disclosure vulnerability and crash when handling certain JavaScripts or XFA forms. This occurs due to the use of abnormal data that exceeds the maximum size allocated in parameters without proper validation.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability when parsing certain PDF files that contain nonstandard /Size key value in the Trailer dictionary. This occurs due to the access of an array whose size is not enough to accommodate the data.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Write vulnerability and crash when converting certain PDF files to Microsoft Office files. This occurs as the PDF object data defined in the Cross-Reference Table is corrupted.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain XFA forms or annotation objects. This occurs due to the use or access of the objects that have been released or deleted.
- Addressed potential issues where the application could be exposed to Arbitrary File Write Remote Code Execution vulnerability when executing certain JavaScripts. This occurs as the application fails to restrict the file type and validate the file path in extractPages and CombineFiles functions.
- Addressed potential issues where the application could be exposed to SQL Injection Remote Code Execution vulnerability. Attackers could exploit this vulnerability to insert or delete databases by inserting codes at the end of the strings.
- Addressed a potential issue where the application could be exposed to Uninitialized Variable Information Disclosure vulnerability and crash. This occurs due to the array access violation resulting from the discrepant information in the form control when users press the Tab key to get focus on a field and input new text in certain XFA forms.
- Addressed potential issues where the application could be exposed to Out-of-Bounds Read or Heap-based Buffer Overflow vulnerability and crash, which could be exploited by attackers to execute remote code or disclose sensitive information. This occurs due to the logic error or improper handling of elements when working with certain PDF files that define excessively large value in the file attribute or contain negative leadDigits value in the file attribute.