CVE-2022-43640

Severity: 5.5 MEDIUM

📋 TL;DR

CVE-2022-43640 is an out-of-bounds read vulnerability in Foxit PDF Reader that allows attackers to disclose sensitive information from affected systems. Users who open malicious PDF files or visit malicious web pages with Foxit PDF Reader are at risk. This vulnerability can be combined with other exploits to potentially execute arbitrary code.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: 12.0.1.12430 and earlier versions
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when processing PDF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or ransomware deployment.
🟠 Likely Case: Information disclosure of process memory contents, potentially revealing sensitive data or system information.
🟢 If Mitigated: Limited impact with proper application sandboxing and memory protection controls in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction but can be delivered via web pages or email attachments.
🏢 Internal Only: MEDIUM - Similar risk profile internally if users open malicious documents from internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction to open malicious PDF. Often chained with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 12.0.2 and later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download the latest Foxit PDF Reader from the official website.
2. Run the installer.
3. Restart the system.
4. Verify that the version is 12.0.2 or higher.

🔧 Temporary Workarounds

Disable JavaScript in PDF Reader
  • Applies to: all
  • Effect: Prevents exploitation through malicious JavaScript in PDF files
  • Steps: Open Foxit Reader > File > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View
  • Applies to: all
  • Effect: Opens PDFs in sandboxed protected mode
  • Steps: Open Foxit Reader > File > Preferences > Trust Manager > Check 'Enable Safe Reading Mode'

🧯 If You Can't Patch

  • Block PDF files from untrusted sources at network perimeter
  • Use application whitelisting to restrict PDF reader execution

🔍 How to Verify

Check if Vulnerable:

Check Foxit PDF Reader version in Help > About. If version is 12.0.1.12430 or earlier, system is vulnerable.

Check Version:

On Windows: wmic product where name="Foxit Reader" get version

Verify Fix Applied:

Verify version is 12.0.2 or higher in Help > About.
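The version checks above compare dotted version strings, which is error-prone by hand (a string comparison puts 12.0.10 before 12.0.2). The following is an added example, not part of the advisory: it classifies a reported version against the affected range (12.0.1.12430 and earlier) and fixed range (12.0.2 and later) stated above, and can pull the installed version with the advisory's wmic command on Windows.

```python
# Added example (not from the advisory): classify a Foxit PDF Reader version
# against the ranges the advisory gives: affected = 12.0.1.12430 and earlier,
# fixed = 12.0.2 and later. The wmic command is the one quoted in the
# advisory; it only succeeds on Windows hosts that still ship wmic.
import re
import subprocess
from typing import Optional

AFFECTED_MAX = "12.0.1.12430"  # last affected build, from the advisory
FIXED_MIN = "12.0.2"           # first fixed release, from the advisory
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text: str) -> tuple:
    """Pull the first dotted numeric version out of free text (Help > About,
    wmic output) and return it as a tuple of ints. Tuples compare
    component-wise, so 12.0.10 sorts after 12.0.2, unlike plain strings."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def status(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown'. A truncated '12.0.1' still
    counts as vulnerable (a shorter tuple sorts before its longer prefix);
    'unknown' covers builds above 12.0.1.12430 but below 12.0.2, which the
    advisory places in neither range."""
    v = parse_version(version)
    if v <= parse_version(AFFECTED_MAX):
        return "vulnerable"
    if v >= parse_version(FIXED_MIN):
        return "fixed"
    return "unknown"


def installed_version_windows() -> Optional[str]:
    """Run the advisory's wmic query and return the version it prints, or
    None when wmic is unavailable (non-Windows host) or prints no version."""
    cmd = 'wmic product where name="Foxit Reader" get version'
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=60).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    m = VERSION_RE.search(out)
    return m.group(0) if m else None


if __name__ == "__main__":
    ver = installed_version_windows()
    print("no version found" if ver is None else f"{ver}: {status(ver)}")
```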

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Foxit Reader
  • Unusual memory access patterns in process logs

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • HTTP requests to known exploit domains

SIEM Query:

source="*foxit*" AND (event_type="crash" OR event_type="exception")
