Use-After-Free Vulnerability in Foxit Reader by Foxit Software

CVE-2024-47810

Summary

A use-after-free vulnerability has been identified in Foxit Reader, specifically in version 2024.3.0.26795, affecting its handling of 3D page objects. This vulnerability allows attackers to craft malicious PDF documents containing specially designed JavaScript code that triggers memory corruption. If exploited, this can lead to arbitrary code execution on the victim’s system. Users are at risk when they open such tainted files or visit websites that exploit this vulnerability through a browser plugin. Precaution is vital in scanning and managing PDF files to mitigate potential threats.

References