
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
A use-after-free vulnerability (CVE-2024-47810) exists in Foxit Reader 2024.3.0.26795 in the way it handles a 3D page object. The vulnerability was discovered by KPC of Cisco Talos and disclosed on December 18, 2024. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution (Talos Report).
The vulnerability occurs when a page object is freed but its reference within a 3D object is not cleared, leading to a use-after-free condition. The issue is tracked as CWE-416 (Use After Free) and has received a CVSS v3.1 score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability exists in the JavaScript functionality of Foxit Reader, which uses the V8 JavaScript engine for handling interactive documents and dynamic forms (Talos Report).
The vulnerability can lead to memory corruption and potentially result in arbitrary code execution. An attacker could exploit this vulnerability either by tricking a user into opening a malicious PDF file or when a user visits a specially crafted website while the Foxit browser plugin extension is enabled (Talos Report).
Foxit has released version 2024.4 to address this vulnerability. Users are encouraged to upgrade to this version or later immediately (Security Online).
Source: This report was generated using AI