CVE-2023-28744: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2023-28744) was discovered in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. The vulnerability was discovered by Aleksandar Nikolic of Cisco Talos and publicly disclosed on July 19, 2023. The vulnerability affects Foxit PDF Reader and Editor products, specifically targeting their JavaScript engine's handling of form fields (Talos Report).

The vulnerability exists in the way Foxit handles rendering of choice field elements. When a specially crafted PDF document manipulates form fields of a specific type, it can trigger the reuse of previously freed memory. The issue occurs when a choice field is assigned an item with an overridden toString function that removes the field during rendering, causing its backing memory to be freed and reused for other purposes. This leads to a use-after-free condition (CWE-416). The vulnerability has been assigned a CVSS v3.1 score of 8.8 (HIGH) with the vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (Talos Report).

The vulnerability can lead to memory corruption and arbitrary code execution. With careful memory layout manipulation and control over freed memory through techniques such as heap spraying, an attacker could potentially execute arbitrary code on the target system (Talos Report).

Foxit has released patches to address this vulnerability. Users are advised to update to the latest version of the software. Patches are available through the official Foxit download channels for both Foxit Reader and Foxit PhantomPDF Business (Talos Report).