CVE-2023-42094

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published May 3, 2024

Updated: May 23, 2024

CWE ID 416

Summary

CVE-2023-42094 is a remote code execution vulnerability affecting Foxit PDF Reader. This issue arises due to the program's failure to validate the existence of Annotation objects before performing operations on them. Attackers can exploit this vulnerability by crafting a malicious page or file, requiring user interaction for successful exploitation. The flaw, identified as ZDI-CAN-21873, enables attackers to execute arbitrary code in the context of the current process.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Foxitsoftware Pdf Editor
Foxit PDF Reader
Foxitsoftware Pdf Reader
Foxit PDF Editor

Affected Vendors

Foxit Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/smkwUw
https://www.cve.org/CVERecord?id=CVE-2023-42094
https://nvd.nist.gov/vuln/detail/CVE-2023-42094

Back to Vulnerability Database