CVE-2024-49576: 
Foxit PDF Reader vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2024-49576) exists in Foxit Reader version 2024.3.0.26795. The vulnerability occurs in the way the software handles a checkbox CBFWidget object. When triggered through specially crafted JavaScript code within a malicious PDF document, this vulnerability can lead to memory corruption and potential arbitrary code execution. The vulnerability was discovered by KPC of Cisco Talos and was publicly disclosed on December 18, 2024 ([Talos Report](https://talosintelligence.com/vulnerabilityreports/TALOS-2024-2093)).

The vulnerability exists in the JavaScript handling functionality of Foxit Reader, which uses the V8 JavaScript engine for supporting interactive documents and dynamic forms. The issue specifically occurs when a checkbox object is freed by the deletePages() function and subsequently used without proper validation. The vulnerability has been assigned a CVSS v3.1 score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H and is classified as CWE-416 (Use After Free) (Talos Report).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary code on the target system. The impact is particularly severe as it could lead to complete system compromise, allowing attackers to gain the same privileges as the user running the Foxit Reader application (NVD).

Foxit has released version 2024.4 to address this vulnerability. Users are strongly encouraged to upgrade to this version or later immediately. The patch was released on December 17, 2024 (Security Online).