  • Foxit Software is urging customers to update to the latest version of its tool. “Foxit has released Foxit Reader 9.7, which addresses potential security and stability issues,” said the company in a security advisory.
    The most severe of these flaws (CVE-2019-5031), which has a CVSS score of 8.8 out of 10.0, exists in how Foxit Reader interacts with the JavaScript engine (the program that executes JavaScript code). Foxit Reader can support JavaScript for interactive documents and dynamic forms. For instance, a PDF document can execute JavaScript when a user opens it.

    However, when certain versions of the JavaScript engine (version 7.5.45 and earlier of the V8 JavaScript engine) are used in a version of Foxit Reader, the result can be arbitrary code execution and denial of service. That’s because, in the impacted Foxit Reader version, opening the JavaScript engine results in a large amount of memory being allocated, which quickly uses up all available memory. This would usually result in an out-of-memory state being detected and the process being terminated. However, that detect-and-terminate step does not exist in the impacted Foxit Reader.