CVE-2023-27379

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

Published: Jul 19, 2023
Updated: Jul 27, 2023
CVE: CVE-2023-27379
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
foxit / pdf_reader	12.1.2.15332	12.1.2.15332.x

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756

Vulnerability Database

289,784

CVE-2023-27379