CVE-2024-9253

CWE-125 — Out-of-bounds Read CWE-3844 documents4 sources

Severity

7.1HIGH

EPSS

0.3%

top 42.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Foxit PDF Editor Foxit PDF Reader

Timeline

PublishedNov 22

Latest updateNov 23

Description

Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a rea…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶NVDfoxit/pdf_reader2024.2.3.25184

▶CVEListV5foxit/pdf_reader2024.2.2.25170

▶NVDfoxit/pdf_editor12.0 — 12.1.7.15526+4

🔴Vulnerability Details

GHSA

GHSA-vjmj-84v8-m369: Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability↗2024-11-23

▶

CVEList

Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability↗2024-11-22

▶

GHSA

com.enonic.xp:lib-auth vulnerable to Session Fixation↗2022-10-12

▶