History: Apr 30, 2024 - 2:38 p.m.

CVE-2024-25938

2024-04-30 14:38:40
CWE-416
talos
raw.githubusercontent.com
cve-2024-25938
foxit reader
use-after-free
barcode widget
memory corruption
arbitrary code execution
javascript
pdf document
browser plugin extension

AI Score: 7.1 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 38.9%)

A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, exploitation is also possible when a user visits a specially crafted, malicious site.
