Use-After-Free Vulnerability in Foxit Reader Affects Users
CVE-2023-32616

8.8HIGH

Key Information:

Vendor: Foxit
Status: Foxit Reader
Vendor: CVE Published:; 27 November 2023

Summary

A use-after-free vulnerability is present in Foxit Reader version 12.1.2.15356, specifically affecting the handling of 3D annotations within PDF files. Attackers can exploit this weakness by crafting specially formatted JavaScript embedded in a malicious PDF document, potentially leading to memory corruption and arbitrary code execution. Users may be compromised simply by opening the manipulated file, but exploitation could also occur via a malicious website if the browser plugin is activated.

Affected Version(s)

Foxit Reader 12.1.3.15356

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 27, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Discovered by Kamlapati Choubey of Cisco Talos.