CVE-2024-30329: 
Foxit PDF Reader vulnerability analysis and mitigation

A Use-After-Free Information Disclosure vulnerability has been identified in Foxit PDF Reader (CVE-2024-30329). The vulnerability exists within the handling of Annotation objects and stems from the application's failure to validate the existence of an object before performing operations on it. This security flaw was discovered and reported through the Zero Day Initiative program (ZDI Advisory).

The vulnerability is classified with a CVSS v3.0 Base Score of 3.3 (LOW) with the following vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The specific issue lies in the application's handling of Annotation objects, where operations are performed without proper validation of object existence. The vulnerability is tracked as ZDI-CAN-22634 (ZDI Advisory).

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. The impact is limited to information disclosure, with no direct impact on integrity or availability. However, attackers could potentially leverage this vulnerability in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

Foxit has released security updates to address this vulnerability. Users are advised to update their Foxit PDF Reader installations to the latest version. The fix is included in the security updates available through the official Foxit security bulletin (Foxit Security).