Use-After-Free Vulnerability in Foxit Reader Affects Users
CVE-2023-32616
8.8 HIGH
Summary
A use-after-free vulnerability is present in Foxit Reader version 12.1.2.15356, in its handling of 3D annotations within PDF files. Attackers can exploit this weakness by embedding specially crafted JavaScript in a malicious PDF document, potentially leading to memory corruption and arbitrary code execution. Users may be compromised simply by opening the manipulated file, and exploitation could also occur via a malicious website if the browser plugin is enabled.
Affected Version(s)
Foxit Reader 12.1.3.15356
References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Discovered by Kamlapati Choubey of Cisco Talos.