Login Sign Up

CVE-2024-9251

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Foxit PDF Reader's annotation handling that allows information disclosure. Attackers can exploit it by tricking users into opening malicious PDF files, potentially leading to arbitrary code execution. All users running vulnerable versions of Foxit PDF Reader are affected.

💻 Affected Systems

Products:
  • Foxit PDF Reader
Versions: Versions prior to the patched release (check vendor advisory for specific range)
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with annotation features enabled are vulnerable. User interaction required (opening malicious PDF).

📦 What is this software?

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Editor by Foxit

View all CVEs affecting Pdf Editor →

Pdf Reader by Foxit

View all CVEs affecting Pdf Reader →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Information disclosure and limited memory corruption that could be chained with other vulnerabilities for code execution.

🟢

If Mitigated

Information disclosure only, with no code execution due to security controls like ASLR, DEP, or sandboxing.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file). ZDI-CAN-24490 suggests proof-of-concept exists in controlled disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Foxit security bulletin for specific patched version

Vendor Advisory: https://www.foxit.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Visit Foxit security bulletins page
2. Download latest version or security update
3. Install update
4. Restart system

🔧 Temporary Workarounds

Disable PDF Reader in Browser

all

Prevent automatic PDF opening in web browsers

Browser-specific: Disable PDF viewer plugins/extensions

Use Alternative PDF Viewer

all

Temporarily switch to different PDF software

🧯 If You Can't Patch

  • Restrict PDF file opening to trusted sources only
  • Implement application whitelisting to block Foxit Reader execution

🔍 How to Verify

Check if Vulnerable:

Check Foxit Reader version against vendor advisory

Check Version:

Foxit Reader: Help → About (Windows) or Foxit Reader → About Foxit Reader (macOS)

Verify Fix Applied:

Verify installed version matches or exceeds patched version from advisory

📡 Detection & Monitoring

Log Indicators:

  • Foxit Reader crash logs with memory access violations
  • Unexpected annotation-related process behavior

Network Indicators:

  • Downloads of PDF files from untrusted sources
  • Unusual outbound connections after PDF opening

SIEM Query:

Process:foxitreader.exe AND (EventID:1000 OR ExceptionCode:c0000005)

📊 Metadata

CVE ID: CVE-2024-9251
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: November 22, 2024
Last Updated: November 29, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-9251, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)