Recently Foxit published a new security advisory, among which a bug I disclosed was present, and a new release of their product was pushed to the users.

Like in another post, this was some kind of collateral bug related to another fuzzing project.

You can find one reproducer here.

Reproducer

foxit1.pdf

How To Test

With a vulnerable version of foxit pdf reader linux:

MALLOC_CHECK_=3 FoxitReader /path/to/poc/file.pdf

With a vulnerable version of foxit pdf reader windows, enable page heap to be sure and open