cnvd - cnvd-2025-00956

cnvd-2025-00956

Vulnerability from cnvd

Title: Foxit Reader内存破坏漏洞（CNVD-2025-0095609）

Description:

Foxit Reader是中国福昕（Foxit）公司的一款PDF文档阅读器。

Foxit Reader 2024.3.0.26795版本存在安全漏洞，该漏洞源于复选框CBF_Widget对象中包含一个释放后重用漏洞。攻击者可利用该漏洞导致任意代码执行。

Severity: 高

Patch Name: Foxit Reader内存破坏漏洞（CNVD-2025-0095609）的补丁

Patch Description:

Foxit Reader是中国福昕（Foxit）公司的一款PDF文档阅读器。

Foxit Reader 2024.3.0.26795版本存在安全漏洞，该漏洞源于复选框CBF_Widget对象中包含一个释放后重用漏洞。攻击者可利用该漏洞导致任意代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新: https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093

Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-49576

Impacted products

Name
Foxit Foxit Reader 2024.3.0.26795

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-49576",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-49576"
    }
  },
  "description": "Foxit Reader\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u516c\u53f8\u7684\u4e00\u6b3ePDF\u6587\u6863\u9605\u8bfb\u5668\u3002\n\nFoxit Reader 2024.3.0.26795\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u590d\u9009\u6846CBF_Widget\u5bf9\u8c61\u4e2d\u5305\u542b\u4e00\u4e2a\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0:\r\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2024-2093",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-00956",
  "openTime": "2025-01-14",
  "patchDescription": "Foxit Reader\u662f\u4e2d\u56fd\u798f\u6615\uff08Foxit\uff09\u516c\u53f8\u7684\u4e00\u6b3ePDF\u6587\u6863\u9605\u8bfb\u5668\u3002\r\n\r\nFoxit Reader 2024.3.0.26795\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u590d\u9009\u6846CBF_Widget\u5bf9\u8c61\u4e2d\u5305\u542b\u4e00\u4e2a\u91ca\u653e\u540e\u91cd\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Foxit Reader\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2025-0095609\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Foxit Foxit Reader 2024.3.0.26795"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-49576",
  "serverity": "\u9ad8",
  "submitTime": "2024-12-20",
  "title": "Foxit Reader\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08CNVD-2025-0095609\uff09"
}

CVE-2024-49576 (GCVE-0-2024-49576)

Vulnerability from cvelistv5

Published

2024-12-18 15:57

Modified

2024-12-18 18:03

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Summary

A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

References

▼	URL	Tags
	https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093

Impacted products

	Vendor	Product	Version
	Foxit	Foxit Reader	Version: 2024.3.0.26795

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49576",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-18T16:09:20.627377Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-18T16:09:30.841Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-18T18:03:41.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Foxit Reader",
          "vendor": "Foxit",
          "versions": [
            {
              "status": "affected",
              "version": "2024.3.0.26795"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by KPC of Cisco Talos."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T15:57:33.904Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093",
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2024-49576",
    "datePublished": "2024-12-18T15:57:33.904Z",
    "dateReserved": "2024-10-16T21:19:57.878Z",
    "dateUpdated": "2024-12-18T18:03:41.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted