CVE-2023-38573

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 416

Summary

CVE-2023-38573 is a use-after-free vulnerability affecting Foxit Reader 12.1.2.15356. Maliciously crafted JavaScript code within a PDF document can cause a previously freed object to be reused, leading to memory corruption and arbitrary code execution. For this vulnerability to be exploited, a user must open the malicious file. Additionally, if the browser plugin extension is enabled, an attacker can potentially exploit this vulnerability by luring the user to a specially crafted, malicious website.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Foxitsoftware Foxit Reader

Affected Vendors

Foxit Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/soN9Mi
https://www.cve.org/CVERecord?id=CVE-2023-38573
https://nvd.nist.gov/vuln/detail/CVE-2023-38573

Back to Vulnerability Database