CVE-2024-25938
Description
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site while the browser plugin extension is enabled.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.741
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (ML) (EXE) (12.1.3.15356) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (ML) (MSI) (12.1.3.15356) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (EXE) (12.1.3.15356) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (MSI) (12.1.3.15356) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (ML) (EXE) (12.1.5.15505) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (ML) (MSI) (12.1.5.15505) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (EXE) (12.1.5.15505) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 12 (MSI) (12.1.5.15505) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (EXE) (11.2.9.53938) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (ML) (MSI) (11.2.9.53938) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (EXE) (11.2.9.53938) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 11 (MSI) (11.2.9.53938) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 13 (13.1.0.22420) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 13 (MSI) (13.1.0.22420) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (ML) (EXE) (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (ML) (MSI) (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (EXE) (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (MSI) (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Reader (2024.2.3.25184) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Reader (ML) (2024.2.3.25184) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader (ML) (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (ML) (2024.2.0.25138) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader (2024.2.1.25153) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader (ML) (2024.2.1.25153) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (ML) (2024.2.1.25153) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (2024.2.1.25153) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader (ML) (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (ML) (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (2024.2.3.25184) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit Reader Enterprise (ML) (2024.2.3.25184) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (EXE) (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (ML) (EXE) (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (ML) (MSI) (2024.2.2.25170) | Windows |
| Vulnerabilities CVE-2024-25938,CVE-2024-25648,CVE-2024-25575 are fixed in Foxit PDF Editor 2024 (MSI) (2024.2.2.25170) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (EXE) (2024.2.0.25138) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (EXE) (2024.2.0.25138) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (MSI) (2024.2.0.25138) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (MSI) (2024.2.0.25138) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (EXE) (2024.2.1.25153) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (MSI) (2024.2.1.25153) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (MSI) (2024.2.1.25153) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (EXE) (2024.2.1.25153) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (EXE) (2024.2.2.25170) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (EXE) (2024.2.2.25170) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (MSI) (2024.2.2.25170) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (MSI) (2024.2.2.25170) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (EXE) (2024.2.3.25184) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (EXE) (2024.2.3.25184) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (ML) (MSI) (2024.2.3.25184) | Windows |
| Multiple vulnerabilities are fixed in Foxit PDF Editor 2024 (MSI) (2024.2.3.25184) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-331791 | Foxit PDF Editor 12 (ML) (EXE) (12.1.3.15356) |
| PATCH-331792 | Foxit PDF Editor 12 (ML) (MSI) (12.1.3.15356) |
| PATCH-331790 | Foxit PDF Editor 12 (EXE) (12.1.3.15356) |
| PATCH-331793 | Foxit PDF Editor 12 (MSI) (12.1.3.15356) |
| PATCH-337986 | Foxit PDF Editor 12 (ML) (EXE) (12.1.5.15505) |
| PATCH-337987 | Foxit PDF Editor 12 (ML) (MSI) (12.1.5.15505) |
| PATCH-337985 | Foxit PDF Editor 12 (EXE) (12.1.5.15505) |
| PATCH-337988 | Foxit PDF Editor 12 (MSI) (12.1.5.15505) |
| PATCH-337982 | Foxit PDF Editor 11 (ML) (EXE) (11.2.9.53938) |
| PATCH-337983 | Foxit PDF Editor 11 (ML) (MSI) (11.2.9.53938) |
| PATCH-337981 | Foxit PDF Editor 11 (EXE) (11.2.9.53938) |
| PATCH-337984 | Foxit PDF Editor 11 (MSI) (11.2.9.53938) |
| PATCH-337998 | Foxit PDF Editor 13 (13.1.0.22420) |
| PATCH-337999 | Foxit PDF Editor 13 (MSI) (13.1.0.22420) |
| PATCH-338261 | Foxit PDF Editor 2024 (ML) (EXE) (2024.2.0.25138) |
| PATCH-338263 | Foxit PDF Editor 2024 (ML) (MSI) (2024.2.0.25138) |
| PATCH-338260 | Foxit PDF Editor 2024 (EXE) (2024.2.0.25138) |
| PATCH-338262 | Foxit PDF Editor 2024 (MSI) (2024.2.0.25138) |
| PATCH-347386 | Foxit Reader (2025.1.0.27937) |
| PATCH-347387 | Foxit Reader (ML) (2025.1.0.27937) |
| PATCH-347385 | Foxit PDF Reader (MSI) (2025.1.0.27937) |
| PATCH-347384 | Foxit PDF Reader (ML) (MSI) (2025.1.0.27937) |
| PATCH-344499 | Foxit PDF Editor 2024 (EXE) (2024.4.1.27687) |
| PATCH-344500 | Foxit PDF Editor 2024 (ML) (EXE) (2024.4.1.27687) |
| PATCH-344501 | Foxit PDF Editor 2024 (ML) (MSI) (2024.4.1.27687) |
| PATCH-344502 | Foxit PDF Editor 2024 (MSI) (2024.4.1.27687) |