Use-After-Free Vulnerability in Foxit Reader by Foxit Software
CVE-2024-47810

Currently unrated

Key Information:

Vendor: Foxit Software
Product: Foxit Reader
CVE Published: 18 December 2024

Summary

A use-after-free vulnerability exists in the way Foxit Reader version 2024.3.0.26795 handles 3D page objects. An attacker can craft a malicious PDF document containing specially designed JavaScript code that triggers memory corruption, which can lead to arbitrary code execution on the victim's system. Users are at risk when they open such a file or visit a website that exploits the vulnerability through a browser plugin. Caution in scanning and managing PDF files helps mitigate the threat.
