CVE-2018-3943

Name of the Vulnerable Software and Affected Versions Foxit Software's PDF Reader version 9.1.0.5096

Description A use-after-free issue in the JavaScript engine allows for arbitrary code execution when a specially crafted PDF document is opened, causing a previously freed object in memory to be reused. An attacker must trick the user into opening the malicious file to exploit this issue. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Recommendations For Foxit Software's PDF Reader version 9.1.0.5096, consider disabling the JavaScript engine as a temporary workaround until a patch is available. Avoid opening suspicious PDF documents from untrusted sources to minimize the risk of exploitation. If the browser plugin extension is enabled, restrict access to potentially malicious sites to reduce the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.