CVE-2024-30332

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader (affected versions not specified) Foxit PDF Editor (affected versions not specified)

Description The issue is related to a use-after-free error when handling Doc objects, which can allow an attacker to execute arbitrary code using a specially crafted PDF file. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The flaw exists due to the lack of validation of an object's existence before performing operations on it, allowing an attacker to leverage this vulnerability to execute code in the context of the current process.

Recommendations For Foxit PDF Reader, consider disabling the handling of Doc objects until a patch is available. For Foxit PDF Editor, restrict access to the editing functionality of PDF files that may contain malicious Doc objects until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.