PT-2018-16316 · Foxit · Foxit Pdf Reader

Published

2018-08-01

Updated

2022-04-19

CVE-2018-3924

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader version 9.1.5096

Description A use-after-free issue exists in the JavaScript engine, allowing arbitrary code execution when a specially crafted PDF document is opened. This can be triggered by tricking a user into opening a malicious file. If the browser plugin extension is enabled, visiting a malicious site can also exploit this issue.

Recommendations For Foxit PDF Reader version 9.1.5096, consider disabling the JavaScript engine as a temporary workaround until a patch is available. Restrict access to malicious PDF files and avoid visiting untrusted websites with the browser plugin extension enabled.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2018-3924

Affected Products

Foxit Pdf Reader

PT-2018-16316 · Foxit · Foxit Pdf Reader

CVE-2018-3924

Weakness Enumeration

Related Identifiers

Affected Products

References · 4