Home

CVE-2018-3942

Description

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.747

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Foxit PhantomPDF 8.3.8Windows
Multiple vulnerabilities fixed in Foxit Reader (9.3.0.10826)Windows
Multiple vulnerabilities fixed in Foxit Reader Enterprise (9.3.0.10826)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF (9.3.0.10826)Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 8.0.5Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-311625Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-308177Foxit Reader (9.3.0.10826)
PATCH-308178Foxit Reader Enterprise (9.3.0.10826)
PATCH-308179Foxit PhantomPDF (9.3.0.10826)
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-317726Foxit PhantomPDF 9 (EXE) (9.7.5.29616)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234