Foxit PDF Reader JP2 File Parsing Out-of-Bounds Read Information Disclosure Vulnerability

A vulnerability allowing out-of-bounds read has been identified in Foxit PDF Reader within the JP2 file parsing component. This issue arises from inadequate validation of user-supplied data, leading to the potential for reading data beyond the limits of an allocated object. As a result, remote attackers could exploit this vulnerability to disclose sensitive information. User interaction is necessary, as the target must open a malicious JP2 file. Furthermore, this vulnerability could be leveraged alongside others to execute arbitrary code within the current process context.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure, with the potential for arbitrary code execution, depending on the attacker's actions and the presence of other vulnerabilities.

Remediation

Foxit has released a security update for this vulnerability. Users can download the latest version of Foxit PDF Reader from the Foxit website or use the built-in update feature. For Foxit PDF Editor, similar update options are available.