Home

CVE-2018-3939

Description

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
39.294

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Foxit PhantomPDF 8 (ML) 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (EXE) 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (ML) (EXE) 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (ML) (MSI) 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit PhantomPDF 9 (MSI) 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit PhantomPDF Slim 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit Reader 9.1.0.5096Windows
Multiple vulnerabilities affected in Foxit Reader Enterprise 9.1.0.5096Windows
Multiple Vulnerabilities are affected in Foxit Reader Enterprise 9.1.0Windows
Multiple vulnerabilities are fixed in Foxit Reader (9.2.0.9297)Windows
Vulnerabilities CVE-2018-3924,CVE-2018-3939 are fixed in Foxit PhantomPDF 10 (EXE) 8.3.7Windows
Vulnerabilities CVE-2018-3924,CVE-2018-3939 are fixed in Foxit PhantomPDF 10 (MSI) 8.3.7Windows
Vulnerabilities CVE-2018-3924,CVE-2018-3939 are fixed in Foxit PhantomPDF 10 (ML) (EXE) 8.3.7Windows
Vulnerabilities CVE-2018-3924,CVE-2018-3939 are fixed in Foxit PhantomPDF 10 (ML) (MSI) 8.3.7Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 8.0.5Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-317726Foxit PhantomPDF 9 (EXE) (9.7.5.29616)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)
PATCH-341796Foxit Reader (2024.3.0.26795)
PATCH-341798Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise)
PATCH-341798Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise)
PATCH-341796Foxit Reader (2024.3.0.26795)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331215Foxit PhantomPDF 10 (MSI) (10.1.12.37872)
PATCH-331213Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872)
PATCH-331214Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872)
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-311625Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-317726Foxit PhantomPDF 9 (EXE) (9.7.5.29616)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234