CVE-2017-14458Use After Free in Foxit

CWE-416Use After Free5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 23.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Talos FoxitFoxit PDF Reader
Timeline
PublishedApr 23
Latest updateMay 13

Description

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_reader8.3.2.25013
CVEListV5talos/foxitFoxit Software Foxit PDF Reader 8.3.2.25013.

🔴Vulnerability Details

2
GHSA
GHSA-hm55-gqww-x3wj: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 82022-05-13
CVEList
CVE-2017-14458: An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 82018-04-23

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader2018-04-19
Talos
Vulnerability Spotlight: Multiple Issues in Foxit PDF Reader2018-04-19
CVE-2017-14458 — Use After Free in Talos Foxit | cvebase