CVE-2023-42097

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published May 3, 2024

Updated: May 23, 2024

CWE ID 416

Summary

CVE-2023-42097 is a remote code execution vulnerability affecting Foxit PDF Reader. This issue is caused by a flaw in the handling of Annotation objects, which allows attackers to execute arbitrary code after freeing memory. User interaction is necessary for exploitation, as the target must visit a malicious page or open a malicious file. The vulnerability was discovered and reported to Foxit as ZDI-CAN-21902.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Foxitsoftware Pdf Editor
Foxit PDF Reader
Foxitsoftware Pdf Reader
Foxit PDF Editor

Affected Vendors

Foxit Software Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/smk8sF
https://www.cve.org/CVERecord?id=CVE-2023-42097
https://nvd.nist.gov/vuln/detail/CVE-2023-42097

Back to Vulnerability Database