CVE-2024-49576


A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site and the browser plugin extension is enabled.


Published: 2024-12-18T16:15:13.477

Last Modified: 2025-08-25T18:06:02.903

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-416

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | foxit | pdf_editor | ≤ 11.2.11.54113 | Yes |
| Application | foxit | pdf_editor | ≤ 12.1.8.15703 | Yes |
| Application | foxit | pdf_editor | ≤ 13.1.4.23147 | Yes |
| Application | foxit | pdf_editor | ≤ 2023.3.0.23028 | Yes |
| Application | foxit | pdf_editor | ≤ 2024.3.0.26795 | Yes |
| Application | foxit | pdf_reader | ≤ 2024.3.0.26795 | Yes |
| Operating System | microsoft | windows | - | No |
