PT-2023-7350 · Foxit · Foxit Reader

Kamlapati Choubey · Published 2023-11-27 · Updated 2023-12-01 · CVE-2023-32616

CVSS v2.0: 9.7 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Foxit Reader version 12.1.2.15356

Description

A use-after-free issue exists in the way Foxit Reader handles 3D annotations. It can be triggered by specially crafted JavaScript code inside a malicious PDF document, leading to memory corruption and potentially allowing an attacker to execute arbitrary code. An attacker needs to trick the user into opening the malicious file to trigger this issue. Exploitation is also possible if a user visits a specially crafted, malicious site while the browser plugin extension is enabled.

Recommendations

For Foxit Reader version 12.1.2.15356, consider disabling the handling of 3D annotations or the browser plugin extension as a temporary workaround until a patch is available. Avoid opening malicious PDF files or visiting suspicious websites with the browser plugin enabled to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

Use After Free

Related Identifiers

BDU:2023-08381
CVE-2023-32616

Affected Products

Foxit Reader