← Back

CVE-2024-25575

nvd nist
Published: Apr 30, 2024Modified: Nov 4, 2025

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Affected (9)

Foxit
2 products
Pdf Editor
Pdf Reader
Configuration A
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Foxit
Pdf Editor
Up to 11.2.8.53842
Pdf Editor
From 12.0.0.12394 to 12.1.4.15400
Pdf Editor
From 13.0.0.21632 to 13.0.1.21693
Pdf Editor
From 2023.1.0.15510 to 2023.3.0.23028
Pdf Editor
Version 2024.1.0.23997
Pdf Reader
Version 2024.1.0.23997
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration B
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Foxit
Pdf Editor
Up to 11.1.6.0109
Pdf Editor
From 12.0.0.0601 to 12.1.2.55366
Pdf Editor
From 13.0.0.61829 to 13.0.1.61866
Running on/withPlatform Versions
Apple
Macos
All versions

Related CWEs

CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (3)

Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.