Multiple vulnerabilities in Foxit PDF Reader

Description

Multiple vulnerabilities were found in Foxit PDF Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

1. Code execution vulnerability can be exploited remotely to execute arbitrary code.
2. Use after free vulnerability in AcroForm can be exploited to execute arbitrary code.
3. Use after free vulnerability in Doc Object can be exploited to execute arbitrary code.
4. Out of bounds memory read vulnerability in Annotation can be exploited to obtain sensitive information.
5. Out of bounds memory read vulnerability in template can be exploited to execute arbitrary code.
6. Use after free vulnerability in File Parsing can be exploited to execute arbitrary code.
7. Type confusion vulnerability in AcroForm Annotation can be exploited to execute arbitrary code.
8. Use after free vulnerability in template can be exploited to execute arbitrary code.
9. Use after free vulnerability in Annotation can be exploited to obtain sensitive information.
10. Out of bounds memory read vulnerability in U3D File Parsing can be exploited to obtain sensitive information.
11. Out of bounds memory read vulnerability in AcroForm Annotation can be exploited to obtain sensitive information.
12. Out of bounds memory read vulnerability in Doc Object can be exploited to execute arbitrary code.
13. Use after free vulnerability in Annotation can be exploited to execute arbitrary code.
14. Out of bounds memory write vulnerability in U3D File Parsing can be exploited to execute arbitrary code.
15. Out of bounds memory read vulnerability in AcroForm 3D can be exploited to execute arbitrary code.
16. Out of bounds memory read vulnerability in AcroForm can be exploited to execute arbitrary code.
17. Out of bounds memory write vulnerability in U3D File Parsing can be exploited to execute arbitrary code.
18. Out of bounds memory read vulnerability in AcroForm can be exploited to obtain sensitive information.
19. Use after free vulnerability in Annotation can be exploited to execute arbitrary code.
20. Elevation of privilege vulnerability can be exploited remotely to gain privileges.

Original advisories

• Security updates available in Foxit PDF Reader 2024.1 and Foxit PDF Editor 2024.1

Related products

• Foxit-Reader
• Foxit-Reader-Enterprise

CVE list

• CVE-2024-25858
  warning
• CVE-2024-30328
  warning
• CVE-2024-30322
  warning
• CVE-2024-30333
  warning
• CVE-2024-30350
  warning
• CVE-2024-30346
  warning
• CVE-2024-30352
  warning
• CVE-2024-30366
  warning
• CVE-2024-30358
  warning
• CVE-2024-30323
  warning
• CVE-2024-30362
  warning
• CVE-2024-30325
  warning
• CVE-2024-30357
  warning
• CVE-2024-30344
  warning
• CVE-2024-30327
  warning
• CVE-2024-30339
  warning
• CVE-2024-30337
  warning
• CVE-2024-30329
  warning
• CVE-2024-30347
  warning
• CVE-2024-30351
  warning
• CVE-2024-30334
  warning
• CVE-2024-30367
  warning
• CVE-2024-30326
  warning
• CVE-2024-30335
  warning
• CVE-2024-30345
  warning
• CVE-2024-30341
  warning
• CVE-2024-30336
  warning
• CVE-2024-30338
  warning
• CVE-2024-30324
  warning
• CVE-2024-30371
  warning
• CVE-2024-30365
  warning
• CVE-2024-30343
  warning
• CVE-2024-30354
  warning
• CVE-2024-30349
  warning
• CVE-2024-30340
  warning
• CVE-2024-30330
  warning
• CVE-2024-30359
  warning
• CVE-2024-30355
  warning
• CVE-2024-30348
  warning
• CVE-2024-30363
  warning
• CVE-2024-30332
  warning
• CVE-2024-30356
  warning
• CVE-2024-30364
  warning
• CVE-2024-30353
  warning
• CVE-2024-30360
  warning
• CVE-2024-30331
  warning
• CVE-2024-30361
  warning
• CVE-2024-30342
  warning
• CVE-2024-32488
  warning

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com