Home

CVE-2019-5131

Description

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Softwares Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.485

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2019-5126,CVE-2019-5131,CVE-2019-5130,CVE-2019-5145 are fixed in Foxit Reader (9.7.1.29511)Windows
Vulnerabilities CVE-2019-5126,CVE-2019-5131,CVE-2019-5130,CVE-2019-5145 are fixed in Foxit Reader Enterprise (9.7.1.29511)Windows
Vulnerabilities CVE-2019-5126,CVE-2019-5131,CVE-2019-5130,CVE-2019-5145 are fixed in Foxit PhantomPDF Business 9 (ML) (EXE) (9.7.1.29511)Windows
Vulnerabilities CVE-2019-5126,CVE-2019-5131,CVE-2019-5130,CVE-2019-5145 are fixed in Foxit PhantomPDF Business 9 (ML) (MSI) (9.7.1.29511)Windows
Vulnerabilities CVE-2019-5126,CVE-2019-5131,CVE-2019-5130,CVE-2019-5145 are fixed in Foxit PhantomPDF Business 9 (EXE) (9.7.1.29511)Windows
Vulnerabilities CVE-2019-5126,CVE-2019-5131,CVE-2019-5130,CVE-2019-5145 are fixed in Foxit PhantomPDF Business 9 (9.7.1.29511)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (EXE) (10.0.1.35811)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (ML) (MSI) (10.0.1.35811)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (EXE) (10.0.1.35811)Windows
Multiple vulnerabilities fixed in Foxit PhantomPDF 10 (MSI) (10.0.1.35811)Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 (ML) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 8 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (EXE) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (EXE) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (ML) (MSI) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF 9 (MSI) 8.0.5Windows
Multiple Vulnerabilities are affected in Foxit PhantomPDF Slim 8.0.5Windows
Multiple vulnerabilities are fixed in Foxit Reader (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit Reader Enterprise (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit Reader (ML) (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit Reader Enterprise (ML) (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit Reader (9.7.1.29511)Windows
Multiple vulnerabilities are fixed in Foxit Reader Enterprise (9.7.1.29511)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (EXE) (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (MSI) (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (EXE) (10.0.1.35811)Windows
Multiple vulnerabilities are fixed in Foxit PhantomPDF 10 (ML) (MSI) (10.0.1.35811)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-312538Foxit Reader (9.7.1.29511)
PATCH-312539Foxit Reader Enterprise (9.7.1.29511)
PATCH-312557Foxit PhantomPDF Business 9 (ML) (EXE) (9.7.1.29511)
PATCH-312558Foxit PhantomPDF Business 9 (ML) (MSI) (9.7.1.29511)
PATCH-312556Foxit PhantomPDF Business 9 (EXE) (9.7.1.29511)
PATCH-312577Foxit PhantomPDF Business 9 (9.7.1.29511)
PATCH-315710Foxit PhantomPDF 10 (ML) (EXE) (10.0.1.35811)
PATCH-315709Foxit PhantomPDF 10 (ML) (MSI) (10.0.1.35811)
PATCH-315708Foxit PhantomPDF 10 (EXE) (10.0.1.35811)
PATCH-315707Foxit PhantomPDF 10 (MSI) (10.0.1.35811)
PATCH-311706Foxit PhantomPDF 8 ML (8.3.12.47136)
PATCH-311625Foxit PhantomPDF 8 (8.3.12.47136)
PATCH-317726Foxit PhantomPDF 9 (EXE) (9.7.5.29616)
PATCH-317727Foxit PhantomPDF 9 (ML) (EXE) (9.7.5.29616)
PATCH-317728Foxit PhantomPDF 9 (ML) (MSI) (9.7.5.29616)
PATCH-317729Foxit PhantomPDF 9 (MSI) (9.7.5.29616)
PATCH-306313Foxit PhantomPDF (MSI) (8.3.2) (Formerly Foxit PhantomPDF Slim)
PATCH-347386Foxit Reader (2025.1.0.27937)
PATCH-347385Foxit PDF Reader (MSI) (2025.1.0.27937)
PATCH-351917Foxit Reader (ML) (2025.2.1.33197)
PATCH-351864Foxit PDF Reader (ML) (MSI) (2025.2.0.33046)
PATCH-347386Foxit Reader (2025.1.0.27937)
PATCH-347385Foxit PDF Reader (MSI) (2025.1.0.27937)
PATCH-331212Foxit PhantomPDF 10 (EXE) (10.1.12.37872)
PATCH-331215Foxit PhantomPDF 10 (MSI) (10.1.12.37872)
PATCH-331213Foxit PhantomPDF 10 (ML) (EXE) (10.1.12.37872)
PATCH-331214Foxit PhantomPDF 10 (ML) (MSI) (10.1.12.37872)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234