VDB
CVE-2022-22150
CVE-2022-22150
PUBLISHED
CVSS 8.800000190734863 HIGH
A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
EPSS 0.86% · 75.4th percentile
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.86%
75.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| foxit | pdf_reader | 11.1.0.52543 |
| n/a | Foxit | Foxit Reader 11.1.0.52543 |
Exploit Intelligence
Timeline
- Jan 28, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Feb 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 27, 2023 EPSS Score