CVE-2024-7722 Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability

🗓️ 21 Aug 2024 16:04:21Reported by zdiType

Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability allows remote attackers to disclose sensitive information. User interaction required to exploit by visiting a malicious page or opening a malicious file

Reporter	Title	Published	Views	Family All 19
BDU FSTEC	The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) lies in the use of memory after it is freed, allowing an attacker to disclose protected information.	26 Nov 202400:00	–	bdu_fstec
Circl	CVE-2024-7722	21 Aug 202419:05	–	circl
CVE	CVE-2024-7722	21 Aug 202416:04	–	cve
EUVD	EUVD-2024-48600	3 Oct 202520:07	–	euvd
Tenable Nessus	Foxit PDF Editor < 11.2.11 Multiple Vulnerabilities	18 Oct 202400:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 12.1.8 Multiple Vulnerabilities	29 Sep 202400:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 13.1.3 Multiple Vulnerabilities	14 Aug 202400:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 13.1.4 Multiple Vulnerabilities	26 Sep 202400:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 2024.2.3 Multiple Vulnerabilities	5 Sep 202400:00	–	nessus
Tenable Nessus	Foxit PDF Editor < 2024.3 Multiple Vulnerabilities	26 Sep 202400:00	–	nessus

[
  {
    "vendor": "Foxit",
    "product": "PDF Reader",
    "versions": [
      {
        "version": "2024.1.0.23997",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
foxit	www.foxit.com/support/security-bulletins.html
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-1124/

21 Aug 2024 16:04Current

CVSS 33.3

EPSS0.01017

CWE-416