CVE-2023-27379: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-27379) exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.2.15332. The vulnerability was discovered by Aleksandar Nikolic and Kamlapati Choubey of Cisco Talos and publicly disclosed on July 19, 2023. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution (Talos Report).

The vulnerability exists in the way Foxit Reader handles certain events of form elements, such as text fields or buttons. When a Calculate action is triggered through JavaScript, it frees objects associated with pages. These freed objects are later used without validation, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is classified as CWE-416 (Use After Free) (Talos Report).

The vulnerability can lead to arbitrary code execution. Since additional JavaScript code can be executed between object free and reuse, freed memory could be put under attacker control. With careful memory layout manipulation, this can lead to further memory corruption and ultimately arbitrary code execution (Talos Report).

Foxit has released patches to address this vulnerability. Users should update to version 12.1.3 or later of Foxit PDF Reader and Foxit PDF Editor. The patches are available through the official Foxit download pages (Talos Report).