Use-After-Free Vulnerability in Foxit PDF Reader by Foxit Software
CVE-2018-3941
8HIGH
What is CVE-2018-3941?
A use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, specifically impacting version 9.1.0.5096. This flaw allows attackers to exploit a poorly managed memory allocation by crafting a malicious PDF file. When a user opens this specially designed document, it can lead to the reuse of previously freed memory objects, resulting in the potential execution of arbitrary code. To successfully exploit this vulnerability, an attacker must deceive the user into opening the malicious PDF.
Affected Version(s)
Foxit PDF Reader 9.1.0.5096