CVE-2024-30361

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Foxit PDF Reader's AcroForm handling allows remote attackers to execute arbitrary code when a user opens a malicious PDF file or visits a malicious webpage. This affects users of vulnerable Foxit PDF Reader versions, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Specific affected versions not specified in provided references; check Foxit security bulletins for exact version ranges.
Operating Systems: Windows, macOS, Linux (if applicable)
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with vulnerable versions are affected. User interaction required (opening malicious PDF or visiting malicious webpage).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the same privileges as the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation, credential theft, or data exfiltration from the compromised system.

🟢 If Mitigated

Limited impact if the application runs with minimal privileges or in a sandbox, or if network segmentation prevents lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction but no authentication. Use-after-free vulnerabilities are commonly weaponized in PDF reader attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletins for specific patched version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit Foxit security bulletins page
2. Identify latest patched version for your product
3. Download and install update
4. Restart system

🔧 Temporary Workarounds

Disable JavaScript in PDF Reader (all platforms)

Prevents JavaScript-based exploitation vectors in PDF files

In Foxit Reader: Edit > Preferences > JavaScript > Uncheck 'Enable JavaScript'

Use Protected View (all platforms)

Open PDFs in sandboxed protected view mode

In Foxit Reader: File > Preferences > Trust Manager > Enable 'Safe Reading Mode'

🧯 If You Can't Patch

  • Restrict PDF file handling to alternative PDF readers without this vulnerability
  • Implement application whitelisting to block Foxit Reader execution

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version against vulnerable versions listed in Foxit security bulletins

Check Version:

In Foxit Reader: Help > About Foxit Reader

Verify Fix Applied:

Verify installed version matches or exceeds patched version from Foxit advisory

📡 Detection & Monitoring

Log Indicators:

  • Unexpected Foxit Reader crashes
  • Suspicious child processes spawned from Foxit Reader
  • Unusual network connections from Foxit Reader process

Network Indicators:

  • Outbound connections to suspicious domains/IPs from PDF reader process
  • Unusual DNS queries following PDF file opening

SIEM Query:

event_id:1 AND (process_name:"FoxitReader.exe" OR parent_process_name:"FoxitReader.exe")
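
The "suspicious child processes" indicator above can be triaged offline from exported process-creation events. The following is an added example, not vendor or Foxit code; the JSON field names, the list of suspicious child programs, and the sample records are assumptions constructed for illustration.

```python
import json
from ntpath import basename  # parses Windows paths on any OS

READER = "foxitreader.exe"  # process name from the page's SIEM query, lowercased
# Assumption: programs a PDF reader has little reason to start.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Constructed sample records (not real telemetry), one JSON object per line.
SAMPLE_LOG = r"""
{"event_id": 1, "image": "C:\\Example\\FoxitReader.exe", "parent_image": "C:\\Windows\\explorer.exe", "command_line": "FoxitReader.exe report.pdf"}
{"event_id": 1, "image": "C:\\Windows\\System32\\cmd.exe", "parent_image": "C:\\Example\\FoxitReader.exe", "command_line": "cmd.exe /c whoami"}
{"event_id": 1, "image": "C:\\Example\\helper.exe", "parent_image": "C:\\Example\\FoxitReader.exe", "command_line": "helper.exe"}
{"event_id": 3, "image": "C:\\Example\\FoxitReader.exe", "destination": "198.51.100.7"}
this line is truncated {"event_id": 1
{"event_id": 1, "image": "C:\\Windows\\System32\\PowerShell.exe", "parent_image": "C:\\EXAMPLE\\FOXITREADER.EXE", "command_line": "powershell.exe"}
"""


def triage(lines):
    """Return (severity, child, command_line) for each process the reader started."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the hunt
        if ev.get("event_id") != 1:  # only process-creation events
            continue
        # Compare base names case-insensitively; Windows paths are not case-sensitive.
        parent = basename(ev.get("parent_image") or "").lower()
        child = basename(ev.get("image") or "").lower()
        if parent != READER:
            continue
        severity = "high" if child in SUSPICIOUS_CHILDREN else "review"
        findings.append((severity, child, ev.get("command_line", "")))
    return findings


if __name__ == "__main__":
    for severity, child, cmd in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] FoxitReader.exe -> {child}: {cmd}")
```
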
