Use-After-Free Vulnerability in Foxit PDF Reader's AcroForm
CVE-2024-30339

Currently unrated

Key Information:

Vendor: Foxit Software
Status: Foxit PDF Reader
Vendor: CVE Published:; 2 April 2024

🔔 Create Foxit Software Vulnerability Alert

What is CVE-2024-30339?

A vulnerability exists in Foxit PDF Reader's handling of AcroForms that allows attackers to execute arbitrary code through a use-after-free condition. This issue arises when the software fails to validate the existence of an object prior to executing operations on it. An attacker can exploit this flaw by enticing a user to visit a malicious page or open a crafted file, enabling them to execute unauthorized commands in the context of the running application. Ensuring users have the latest updates can help mitigate this issue.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-317/

https://www.foxit.com/support/security-bulletins.html

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024