Download Foxit Reader 3.0 build 1506

Foxit Software has released an update for Foxit Reader 3.0 for the second time in a short time. With a download size of just a few megabytes, it’s a small and fast alternative to Adobe Reader, especially on an older computer with limited resources. The program is free, but for certain functionality, which is part of the so-called pro pack must be paid. Examples of this are saving as a text file or adding comments to a PDF file. Three major security vulnerabilities have been fixed in this release, including one that is also in version 2.3, so that version is also updated. Below is more information about the resolved issues:

Vulnerability Fixed:

• Fixed the issue of stack-based buffer overflow.
  Foxit PDF files include actions associated with different triggers. If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files with an overly long filename argument and the trigger condition is satisfied, it will cause a stack-based buffer overflow.
• Fixed the issue of security authorization bypass.
  If an action (Open/Execute a file, Open a web link, etc.) is defined in the PDF files and the trigger condition is satisfied, Foxit Reader will do the action defined by the creator of the PDF file without popping up a dialog box to confirm.
• Fixed the issue of JBIG2 Symbol Dictionary Processing
  While decoding a JBIG2 symbol dictionary segment, an array of 32-bit elements is allocated having a size equal to the number of exported symbols, but left uninitialized if the number of new symbols is zero. The array is later accessed and values ​​from uninitialized memory are used as pointers when reading memory and performing calls.