The software to read PDF files, Foxit Reader, released a security update that addresses over 100 vulnerabilities – where 18 of them were classified as critical.

The popular software to read PDF files, Foxit Reader released a security update that patch over 100 vulnerabilities, some of them could be exploited to execute arbitrary code by remote attackers.

Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign,  print PDF files and so on. That software has hundreds of millions of installations.

Foxit has released Reader 9.3 and Foxit PhantomPDF 9.3 to address security and stability issues.

Foxit Reader 9.3 addressed a lot of vulnerabilities, including out-of-bounds, use-after-free, information disclosure, type confusion, and memory corruption bugs.

The 18 vulnerabilities were found by Cisco Talos, as well as many others fixed by this update. They were labeled as critical because could lead to code execution, and attackers could create specially crafted webpages or PDFs to exploit these vulnerabilities in order to execute arbitrary code or even install malware in the vulnerable devices.

12 of the flaws could be exploited simply by visiting a web site when the Foxit PDF browser plugin is enabled.

The list of patched vulnerabilities is presented below and more information about who discovered the vulnerabilities can be found in Foxit’s security bulletin.

Fixed vulnerabilities in version 9.3: CVE-2018-3940, CVE-2018-3941, CVE-2018-3942, CVE-2018-3943, CVE-2018-3944, CVE-2018-3945, CVE-2018-3946, CVE-2018-3957, CVE-2018-3958, CVE-2018-3959, CVE-2018-3960, CVE-2018-3961, CVE-2018-3962, CVE-2018-3964, CVE-2018-3965, CVE-2018-3966, CVE-2018-3967, CVE-2018-3992, CVE-2018-3993, CVE-2018-3994, CVE-2018-3995, CVE-2018-3996, CVE-2018-3997, CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, CVE-2018-16297, CVE-2018-17781, ZDI-CAN-6333, ZDI-CAN-6334, ZDI-CAN-6335, ZDI-CAN-6336, ZDI-CAN-6352, ZDI-CAN-6353, ZDI-CAN-6354, ZDI-CAN-6355, ZDI-CAN-6434, ZDI-CAN-6435, ZDI-CAN-6435, ZDI-CAN-6438, ZDI-CAN-6439, ZDI-CAN-6455, ZDI-CAN-6458, ZDI-CAN-6470, ZDI-CAN-6471, ZDI-CAN-6472, ZDI-CAN-6473, ZDI-CAN-6474, ZDI-CAN-6475, ZDI-CAN-6477, ZDI-CAN-6478, ZDI-CAN-6479, ZDI-CAN-6480, ZDI-CAN-6481, ZDI-CAN-6482, ZDI-CAN-6483, ZDI-CAN-6484, ZDI-CAN-6485, ZDI-CAN-6486, ZDI-CAN-6487, ZDI-CAN-6498, ZDI-CAN-6499, ZDI-CAN-6500, ZDI-CAN-6501, ZDI-CAN-6502, ZDI-CAN-6503, ZDI-CAN-6504, ZDI-CAN-6505, ZDI-CAN-6506, ZDI-CAN-6507, ZDI-CAN-6509, ZDI-CAN-6511, ZDI-CAN-6512, ZDI-CAN-6513, ZDI-CAN-6514, ZDI-CAN-6517, ZDI-CAN-6518, ZDI-CAN-6519, ZDI-CAN-6520, ZDI-CAN-6521, ZDI-CAN-6522, ZDI-CAN-6523, ZDI-CAN-6524, ZDI-CAN-6614, ZDI-CAN-6616, ZDI-CAN-6617, ZDI-CAN-6700, ZDI-CAN-6817, ZDI-CAN-6819, ZDI-CAN-6820, ZDI-CAN-6844, ZDI-CAN-6845, ZDI-CAN-6848, ZDI-CAN-6849, ZDI-CAN-6850, ZDI-CAN-6851, ZDI-CAN-6890, ZDI-CAN-6915, ZDI-CAN-7067, ZDI-CAN-7068, ZDI-CAN-7069, ZDI-CAN-7070, ZDI-CAN-7073, ZDI-CAN-7103, ZDI-CAN-7138, ZDI-CAN-7141, ZDI-CAN-7145, ZDI-CAN-7157, ZDI-CAN-7163, ZDI-CAN-7169, ZDI-CAN-7170, ZDI-CAN-7252, ZDI-CAN-7253, ZDI-CAN-7254, ZDI-CAN-7255