CVE-2022-43641

7.8 HIGH

📋 TL;DR

This vulnerability in Foxit PDF Reader allows remote attackers to disclose sensitive information by exploiting a flaw in U3D file parsing. Attackers can leverage this with other vulnerabilities to execute arbitrary code in the current process context. Users of affected Foxit PDF Reader versions are at risk when opening malicious PDF files or visiting malicious web pages.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: 12.0.1.12430 and earlier versions
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with U3D support enabled are vulnerable. User interaction required (opening malicious file or visiting malicious page).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Information disclosure and potential privilege escalation when combined with other vulnerabilities.

🟢 If Mitigated

Limited impact with proper application sandboxing, network segmentation, and user awareness training.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction but no authentication. Often chained with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Foxit PDF Reader 12.0.2 or later

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Open Foxit PDF Reader
2. Go to Help > Check for Updates
3. Follow the prompts to install the latest version
4. Restart the application after the update

🔧 Temporary Workarounds

  • Disable U3D support (platform: all): Disable U3D file parsing in Foxit PDF Reader settings
  • Use alternative PDF reader (platform: all): Temporarily use a different PDF reader until patched

🧯 If You Can't Patch

  • Implement application whitelisting to block Foxit PDF Reader execution
  • Deploy network segmentation to limit lateral movement

🔍 How to Verify

Check if Vulnerable:

Check the Foxit PDF Reader version in Help > About. If the version is 12.0.1.12430 or earlier, the system is vulnerable.

Check Version:

On Windows: wmic product where name="Foxit PDF Reader" get version

Verify Fix Applied:

Verify version is 12.0.2 or later in Help > About after update.
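
The version check above as a script, for hosts where Help > About is impractical. This is an added example, not from the vendor or the original page. It reads the standard Windows Uninstall registry keys instead of the Win32_Product class behind the wmic command, which lists only MSI-installed products and starts an MSI consistency check when enumerated. The DisplayName pattern is an assumption about how the installer registers itself; the threshold is the last affected version stated above.

```powershell
# Added example: classify installed Foxit PDF Reader versions against the
# last affected build given in this advisory (12.0.1.12430).
# Assumption: the installer writes a DisplayName starting with
# "Foxit PDF Reader" under the standard Uninstall keys; adjust $NamePattern
# if your deployment registers a different name.
$LastAffected = [version]'12.0.1.12430'
$NamePattern  = 'Foxit PDF Reader*'

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-FoxitVersion {
    param([string]$DisplayVersion)
    # Returns 'Vulnerable', 'NotAffected' or 'Unknown' for one version string.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'Unknown'      # missing or non-numeric version: review by hand
    }
    if ($parsed -le $LastAffected) { return 'Vulnerable' }
    return 'NotAffected'
}

# Collect every matching entry (per-machine 64-bit, 32-bit, and per-user).
$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Test-FoxitVersion $_.DisplayVersion
        }
    }

if (-not $found) {
    Write-Output "No entry matching '$NamePattern' found in the Uninstall keys."
} else {
    $found | Format-Table -AutoSize
}
```

A three-part version such as 12.0.1 compares as lower than 12.0.1.12430 and is reported as Vulnerable; 12.0.2 and later report as NotAffected.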

📡 Detection & Monitoring

Log Indicators:

  • Foxit PDF Reader crash logs
  • Unexpected process creation from Foxit PDF Reader
  • Network connections initiated by Foxit PDF Reader

Network Indicators:

  • Outbound connections from Foxit PDF Reader to unknown IPs
  • DNS requests for suspicious domains

SIEM Query:

source="*foxit*" AND (event_type="crash" OR process_name="foxitreader.exe")
