CVE-2024-9255: 
Foxit PDF Reader vulnerability analysis and mitigation

A Use-After-Free vulnerability (CVE-2024-9255) was discovered in Foxit PDF Reader's handling of Annotation objects. The vulnerability was reported on August 20, 2024, and publicly disclosed on September 26, 2024. This security flaw affects multiple versions of Foxit PDF Reader and Foxit PDF Editor for Windows, including versions up to 2024.2.3.25184 (ZDI Advisory, Foxit Bulletin).

The vulnerability stems from the application's failure to validate the existence of an object prior to performing operations on the object when handling Annotation objects. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (NVD).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code in the context of the current process on affected installations of Foxit PDF Reader. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (ZDI Advisory).

Foxit has released security updates to address this vulnerability. Users are advised to update to the latest versions of the affected software. For Version 2023.1 and higher, users can update by clicking on 'Help' > 'About Foxit PDF Reader' or 'About Foxit PDF Editor' > 'Check for Update'. Alternatively, users can download the latest version directly from the Foxit website (Foxit Bulletin).