CVE-2017-14458: Use After Free
First published: Thu Apr 19 2018(Updated: )
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit Reader | =8.3.2.25013 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14458?
CVE-2017-14458 is classified as a critical vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2017-14458?
To mitigate CVE-2017-14458, update Foxit PDF Reader to version 8.3.2.25014 or later.
What does CVE-2017-14458 affect?
CVE-2017-14458 specifically affects Foxit PDF Reader version 8.3.2.25013.
What type of vulnerability is CVE-2017-14458?
CVE-2017-14458 is a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader.
Can CVE-2017-14458 be exploited remotely?
Yes, CVE-2017-14458 can be exploited remotely if an attacker tricks a user into opening a specially crafted PDF document.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/foxit
- canonical/foxit reader
- version/foxit reader/8.3.2.25013