CVE-2023-42091

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published May 3, 2024

Updated: May 23, 2024

CWE ID 416

Summary

CVE-2023-42091 is a remote code execution vulnerability affecting Foxit PDF Reader. The flaw is situated in the handling of Doc objects within the software, where the lack of object validation leads to use-after-free conditions. An attacker can exploit this vulnerability by crafting a malicious page or file, requiring user interaction for successful exploitation. By leveraging this vulnerability, an attacker can execute arbitrary code in the context of the current process. (ZDI-CAN-21601)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Foxitsoftware Pdf Editor
Foxit PDF Reader
Foxitsoftware Pdf Reader
Foxit PDF Editor

Affected Vendors

Foxit Software Inc.

Advisories, Assessments, and Mitigations

Back to Vulnerability Database