CVE-2024-9246

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published: Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 125

Summary

CVE-2024-9246 is a vulnerability affecting Foxit PDF Reader's handling of Annotation objects. This issue allows remote attackers to disclose sensitive information by inducing an out-of-bounds read. User interaction is necessary for exploitation, as the target must either visit a malicious webpage or open a crafted PDF file. The root cause is insufficient validation of user-supplied data, leading to a read beyond the allocated buffer. This vulnerability, identified as ZDI-CAN-24135, can potentially be combined with other flaws to execute arbitrary code in the context of the current process.
