Use-After-Free Vulnerability in Foxit Reader by Foxit Software
CVE-2024-47810
Currently unrated
Key Information:
- Vendor
- Foxit Software
- Status
- Foxit Reader
- Vendor
- CVE Published:
- 18 December 2024
Summary
A use-after-free vulnerability has been identified in Foxit Reader, specifically in version 2024.3.0.26795, affecting its handling of 3D page objects. This vulnerability allows attackers to craft malicious PDF documents containing specially designed JavaScript code that triggers memory corruption. If exploited, this can lead to arbitrary code execution on the victim’s system. Users are at risk when they open such tainted files or visit websites that exploit this vulnerability through a browser plugin. Precaution is vital in scanning and managing PDF files to mitigate potential threats.
References
Timeline
Vulnerability published