vulnerability

Foxit Reader: Use After Free (CVE-2018-3940)

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
2018-10-08
Added
2020-01-24
Modified
2023-02-06

Description

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.

Solution

foxit-reader-upgrade-latest
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.