Foxit Reader Crash: Malicious Code Executed When Opening a PDF

The PDF document viewer par excellence, Adobe Reader, is a very slow and very heavy program, so it is often one of the first programs we avoid installing. Luckily, there are many alternative PDF viewers that can replace the Adobe program perfectly well. One of the best known and most used is Foxit Reader, a free and very complete viewer for opening (and, in the paid version, editing) this type of document. However, despite being a great PDF viewer, this time a security flaw has endangered millions of users of this software.

Foxit has more than 650 million users. This document viewer ranks second among the most widely used viewers, behind, of course, Adobe’s. Security must therefore be one of the most important aspects of this program. On this occasion, however, that has not been the case.

RCE crash in Foxit Reader just by opening a PDF

This security flaw was discovered by Cisco’s Talos team, is registered as CVE-2021-21822 and is classified as highly dangerous. The flaw lies in the V8 JavaScript engine included in the reader. This engine is responsible for rendering the dynamic forms and interactive elements that documents may contain.

After successfully exploiting this security flaw, an attacker could gain access to resources outside the program’s limits. For example, the attacker could corrupt Foxit Reader data, access resources beyond the limits of the program, and succeed in executing code on the system. To exploit this security flaw, all that is needed is a PDF document, created especially for this purpose, which could access the contiguous free space used by this viewer.

This security flaw is present in version 10.1.3.37598 of Foxit Reader and in all previous versions of the program. To protect ourselves from it, the best we can do is download the new version of the program, available at this link. Once the software is updated, we should check that we have a version equal to or greater than 10.1.4.37651. We can also search for new versions of the program from the “Help” > “Check for updates” section.
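The version check described above, applied to a software inventory, as an added example that is not part of the original article. The CSV columns, the host names and the "review" category for unparseable or in-between builds are assumptions; comparing versions field by field matters because a plain string comparison would sort 10.1.10 before 10.1.4.

```python
import csv
import io

# Version boundaries quoted in the article for CVE-2021-21822.
LAST_VULNERABLE = (10, 1, 3, 37598)
FIRST_FIXED = (10, 1, 4, 37651)

# Constructed sample inventory (host names and column names are hypothetical).
SAMPLE_INVENTORY = """host,product,version
ws-001,Foxit Reader,10.1.3.37598
ws-002,Foxit Reader,10.1.4.37651
ws-003,Foxit Reader,9.7.0.1
ws-004,Foxit Reader,10.1.10.1
ws-005,Foxit Reader,unknown
ws-006,SumatraPDF,3.2
"""

def parse_version(text):
    """Turn '10.1.3.37598' into (10, 1, 3, 37598); return None if malformed."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    # Pad short versions such as '10.1' so tuples compare field by field.
    return tuple(int(p) for p in parts) + (0,) * (4 - len(parts))

def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'review' for one Foxit Reader version."""
    version = parse_version(version_text)
    if version is None:
        return "review"  # cannot decide from the inventory alone
    if version <= LAST_VULNERABLE:
        return "vulnerable"
    if version >= FIRST_FIXED:
        return "fixed"
    return "review"  # a build between the two versions the article quotes

def audit(inventory_csv):
    """Map each host running Foxit Reader to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows
            if row["product"].strip().lower() == "foxit reader"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```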

Also, this is not the only security flaw fixed in this new version of Foxit Reader. The document viewer has also fixed various denial of service, remote code execution, SQL injection, DLL spoofing, and other vulnerabilities. Of course, security is conspicuous by its absence in Foxit’s PDF viewer.

Alternatives to be safe

If we want to be protected against vulnerabilities, and not take unnecessary risks, one of the things we must do is uninstall this program as soon as possible and look for an alternative. There are many PDF viewers, but which one will best suit our needs?

One of the PDF viewers that we like the most is SumatraPDF. The reason is very simple: it is a totally free and open source PDF viewer. This program is also very simple and is 100% focused on opening these types of documents, leaving the rest of the options and functions in the background. It can also open comic formats.

If we want a free, but more complete viewer, another of the best options right now is to use Edge, Microsoft’s browser. The new Edge includes one of the most complete PDF viewers that we can find, a viewer full of functions and tools that will allow us to open, read and work with these documents with the greatest comfort and efficiency.
