Foxit PDF Reader Memory Corruption

MEDIUM (5.3) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Foxit PDF Reader is a popular PDF viewer and editor used by millions of users worldwide. The vulnerability is in its 3D annotation handling: insufficient bounds checking when parsing PRC data can corrupt memory, which allows attackers to execute arbitrary code on your system.

Am I affected?

You're affected if you use Foxit PDF Reader version 8.2.0 or earlier (version info not specified in the advisory). Check with: foxit-pdfrd --version 2>/dev/null

Note: This CVE is specific to Foxit PDF Reader, which is different from other PDF viewers like Adobe Acrobat or PDF-XChange.

Affected Products

Foxit Software / Foxit PDF Reader

How to fix

Upgrade to Foxit PDF Reader version 8.3.0 or later.
URL: https://www.foxit.com/downloads/pdfrd/

Immediate mitigations:
- Disable 3D annotations in the Foxit PDF Reader settings (Settings > Advanced > 3D Annotations).
- Use a different PDF viewer that is not vulnerable to this issue.
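
To decide which documents need the mitigations above, the following added example (not code from this advisory or from Foxit) flags PDFs that declare a 3D annotation or PRC-encoded 3D data, including when the annotation sits inside a Flate-compressed object stream or the name is hex-escaped. It assumes the PDF specification's `/Subtype /3D` and `/Subtype /PRC` names; the function names are hypothetical and the sample file is constructed.

```python
import re
import zlib

MAX_INFLATE = 32 * 1024 * 1024  # cap per stream so a zip bomb cannot exhaust memory
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")  # /P#52C is the name /PRC
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
MARKERS = {
    "3d_annotation": re.compile(rb"/Subtype\s*/3D(?![0-9A-Za-z])"),
    "prc_stream": re.compile(rb"/Subtype\s*/PRC(?![0-9A-Za-z])"),
}


def chunks(pdf: bytes):
    """Yield the raw file, then every stream body that inflates as Flate."""
    yield pdf
    for match in STREAM.finditer(pdf):
        try:
            yield zlib.decompressobj().decompress(match.group(1), MAX_INFLATE)
        except zlib.error:
            continue  # other filter, encrypted, or damaged: raw scan still applies


def scan_pdf(pdf: bytes) -> dict:
    """Report whether a PDF declares a 3D annotation and PRC-encoded 3D data."""
    hits = dict.fromkeys(MARKERS, False)
    for chunk in chunks(pdf):
        # Decode #xx name escapes only after stream extraction, for matching.
        decoded = NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)
        for label, pattern in MARKERS.items():
            hits[label] = hits[label] or bool(pattern.search(decoded))
    return hits


def build_sample() -> bytes:
    """Constructed test file: annotation hidden in an object stream, escaped /PRC."""
    annot = zlib.compress(b"7 0 <</Type/Annot/Subtype/3D/3DD 9 0 R>>")
    return (b"%PDF-1.7\n5 0 obj\n<</Type/ObjStm/Filter/FlateDecode/N 1/First 4>>\n"
            b"stream\n" + annot + b"\nendstream\nendobj\n"
            b"9 0 obj\n<</Type/3D/Subtype/P#52C/Length 11>>\n"
            b"stream\nplaceholder\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(scan_pdf(build_sample()))
```

A clean result is not proof of absence: encrypted files and streams using filters other than Flate are only covered by the raw-byte pass.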
