Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40129

Nov. 21, 2022, 4:15 p.m. |

National Vulnerability Database nist.gov

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.

cve cve-2022-40129

Cyber Transformation Consultant - Energy & Utilities

@ PA Consulting | London, United Kingdom

Security Operations Lead

@ Vattenfall | Amsterdam, Netherlands

Technology - Energy and Natural Resources sector, Security Strategy & Governance, Cyber Defence, Identity & Access

@ KPMG Australia | Sydney, Australia

DevSecOps Manager

@ Nexient | United States

IT Security Manager (REF194D)

@ Deutsche Telekom IT Solutions | Budapest, Debrecen, Pécs, Szeged, Hungary

Security GRC Consultant

@ Devoteam | Zaventem, Belgium

Information Security & Data Privacy Specialist

@ SirionLabs | Gurugram, Haryana, India

Junior Security Engineer

@ Eurofins | Barcelona, Spain

Senior Application Security Engineer [Remote - UK]

@ Confluent, Inc. | Remote, England

Threat Analysis Security Engineer

@ MANGOPAY | Paris, France

Sr. Professional Services Consultant II

@ Palo Alto Networks | Denver, CO, United States

Senior Offensive Security Engineer

@ MANGOPAY | Paris, France