Use-After-Free Vulnerability in Foxit Reader Affects Users
CVE-2023-32616

8.8 HIGH

Key Information:

Vendor
Foxit
CVE Published:
27 November 2023

Summary

A use-after-free vulnerability is present in Foxit Reader version 12.1.2.15356, specifically affecting the handling of 3D annotations within PDF files. Attackers can exploit this weakness by crafting specially formatted JavaScript embedded in a malicious PDF document, potentially leading to memory corruption and arbitrary code execution. Users may be compromised simply by opening the manipulated file, but exploitation could also occur via a malicious website if the browser plugin is activated.

Affected Version(s)

Foxit Reader 12.1.3.15356

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Kamlapati Choubey of Cisco Talos.