CVE-2018-3961 HIGH

CVE-2018-3961

Vendor Foxit
Product Foxit PDF Reader
Published October 2, 2018
Last update September 17, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Key dates

02Disclosure timeline

October 2, 2018 CVE published
September 17, 2024 Record updated