← Back

CVE-2024-47810

nvd nist
Published: Dec 18, 2024Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: CNA (Secondary)

Description

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Affected (6)

2 products
Pdf Editor
Pdf Reader
Configuration A
6 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Foxit
Up to 11.2.11.54113
From 12.0.0 to 12.1.8.15703
From 13.0.0 to 13.1.4.23147
From 2023.1.0.15510 to 2023.3.0.23028
From 2024.1.0.23997 to 2024.3.0.26795
Up to 2024.3.0.26795
Running on/withPlatform Versions
Microsoft
Windows
All versions

References (2)

Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.