CVE-2023-33876 Information

Description

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796