PT-2018-16359 · Foxit · Foxit Pdf Reader
Published
2018-10-03
·
Updated
2023-02-02
·
CVE-2018-3994
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Foxit PDF Reader version 9.2.0.9297
Description
A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be triggered by a specially crafted PDF document, leading to arbitrary code execution. This can occur when a user is tricked into opening a malicious file. Additionally, if the browser plugin extension is enabled, visiting a malicious site can also trigger the issue.
Recommendations
For Foxit PDF Reader version 9.2.0.9297, consider disabling the JavaScript engine in the PDF reader as a temporary workaround until a patch is available. Restrict access to malicious PDF files and avoid visiting untrusted websites when the browser plugin extension is enabled.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Reader