Use-After-Free Remote Code Execution Vulnerability in Foxit PDF Reader
CVE-2024-30338

Currently unrated

Key Information:

Vendor: Foxit Software
Status: Foxit PDF Reader
Vendor: CVE Published:; 2 April 2024

🔔 Create Foxit Software Vulnerability Alert

What is CVE-2024-30338?

A vulnerability exists in Foxit PDF Reader due to improper handling of Doc objects. This flaw allows attackers to execute arbitrary code when a user interacts with malicious web pages or documents, as the system fails to validate the object's existence before performing operations on it. By exploiting this inconsistency, attackers can gain unauthorized access to the system, making it crucial for users to apply security updates promptly.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-319/

https://www.foxit.com/support/security-bulletins.html

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024