Foxit Reader Portable 11.0.1.49938

What's new in this version:

Fixed some security and stability issues:
- Addressed potential issues where the application could be exposed to Out-of-Bounds Read/Write or Null Pointer Dereference vulnerability and crash when parsing certain PDF files. This occurs due to the access violation in the array subscript when storing the offset value for the indirect object because the array size created based on the /Size entry whose value is smaller than the actual maximum indirect object number is not enough to accommodate the data.
- Addressed a potential issue where the application could be exposed to Out-of-Bounds Read Information Disclosure vulnerability and crash when processing certain arguments. This occurs due to the access of illegal memory as the application fails to restrict the access to an array outside its bounds when calling the util.scand function.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling certain Javascripts or annotation objects. This occurs due to the use or access of memory, pointer, or object that has been freed without proper validation (CVE-2021-21831/ZDI-CAN-13741/CVE-2021-21870/ZDI-CAN-13928/ZDI-CAN-14270/ZDI-CAN-14529/ZDI-CAN-14531/ZDI-CAN-14532).
- Addressed a potential issue where the application could be exposed to Arbitrary File Write vulnerability when executing the submitForm function. Attackers could exploit this vulnerability to create arbitrary files in the local system and inject the uncontrolled contents.
- Addressed potential issues where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when handling the annotation objects in certain PDF files if the same Annotation dictionary is referenced in the page structures for different pages. This occurs as multiple annotation objects are associated to the same Annotation dictionary (ZDI-CAN-13929/ZDI-CAN-14014/ZDI-CAN-14015/ZDI-CAN-14016/ZDI-CAN-14017/ZDI-CAN-14018/ZDI-CAN-14019/ZDI-CAN-14020/ZDI-CAN-14021/ZDI-CAN-14022/ZDI-CAN-14023/ZDI-CAN-14024/ZDI-CAN-14025/ZDI-CAN-14033/ZDI-CAN-14034/ZDI-CAN-14013).
- Addressed a potential issue where the application could be exposed to Use-after-Free vulnerability and crash when handling certain events of form elements. This occurs due to the use of Field object that has been cleaned up after executing events using the event.target property (CVE-2021-21893).
- Addressed a potential issue where the application could be exposed to Stack Overflow vulnerability and crash when parsing XML data with too many embedded nodes. This occurs as the recursion level exceeds the maximum recursion depth when parsing XML nodes using recursion.
- Addressed a potential issue where the application could be exposed to Use-after-Free Remote Code Execution vulnerability and crash when traversing bookmark nodes in certain PDF files. This occurs due to stack overflow caused by the infinite loop as the application fails to handle the loop condition correctly (ZDI-CAN-14120).