vulnerability

Foxit Reader: Use After Free (CVE-2018-3961)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 2, 2018	Jan 24, 2020	Apr 7, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 2, 2018

Added

Jan 24, 2020

Modified

Apr 7, 2026

Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Solution

foxit-reader-upgrade-latest

References

CVE-2018-3961
https://attackerkb.com/topics/CVE-2018-3961
CWE-416
EUVD-EUVD-2018-15747
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-15747
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628
https://www.foxitsoftware.com/support/security-bulletins.php

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report