What is the severity of CVE-2023-42091?

CVE-2023-42091 is classified as a critical vulnerability due to its potential for remote code execution.

How do I fix CVE-2023-42091?

To mitigate CVE-2023-42091, users should update to the latest version of Foxit PDF Reader or Foxit PhantomPDF that addresses this vulnerability.

What products are affected by CVE-2023-42091?

CVE-2023-42091 affects several versions of Foxit PDF Reader and Foxit PhantomPDF, specifically those before the latest patch.

What exploitation method is used in CVE-2023-42091?

CVE-2023-42091 is exploited through a use-after-free vulnerability requiring user interaction with malicious PDF files.

Is user interaction required to exploit CVE-2023-42091?

Yes, user interaction is required as the target must open a specially crafted PDF document to trigger the vulnerability.

Vulnerability/
CVE-2023-42091

high

7.8

CWE

416

3/5/2024

4/6/2024

29/1/2025

CVE-2023-42091: Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability

First published: Fri May 03 2024(Updated: )

Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21601.

Credit: zdi-disclosures@trendmicro.com

Affected Software	Affected Version	How to fix
Foxit Reader
Foxit PDF Editor for Mac	<=10.1.12.37872
Foxit PDF Editor for Mac	>=11.0.0<=11.2.7.53812
Foxit PDF Editor for Mac	>=12.0.0<=12.1.3.15356
Foxit PDF Editor for Mac	=2023.1.0.15510
Foxit Reader	<=12.1.3.15356

Remedy

https://www.foxit.com/support/security-bulletins.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-42091?
CVE-2023-42091 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2023-42091?
To mitigate CVE-2023-42091, users should update to the latest version of Foxit PDF Reader or Foxit PhantomPDF that addresses this vulnerability.
What products are affected by CVE-2023-42091?
CVE-2023-42091 affects several versions of Foxit PDF Reader and Foxit PhantomPDF, specifically those before the latest patch.
What exploitation method is used in CVE-2023-42091?
CVE-2023-42091 is exploited through a use-after-free vulnerability requiring user interaction with malicious PDF files.
Is user interaction required to exploit CVE-2023-42091?
Yes, user interaction is required as the target must open a specially crafted PDF document to trigger the vulnerability.

agent/references
agent/title
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/author
agent/severity
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/source
collector/zdi-advisory
source/ZDI
alias/ZDI-23-1424
alias/ZDI-CAN-21601
alias/CVE-2023-42091
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
agent/event
collector/nvd-api
source/NVD
vendor/foxit
canonical/foxit reader
canonical/foxit pdf editor for mac
version/foxit pdf editor for mac/10.1.12.37872
version/foxit pdf editor for mac/11.0.0
version/foxit pdf editor for mac/11.2.7.53812
version/foxit pdf editor for mac/12.0.0
version/foxit pdf editor for mac/12.1.3.15356
version/foxit pdf editor for mac/2023.1.0.15510
version/foxit reader/12.1.3.15356