CVE-2024-9253

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 125

Summary

CVE-2024-9253 is a newly disclosed vulnerability affecting Foxit PDF Reader. This issue is classified as an Out-Of-Bounds Read Information Disclosure vulnerability, which allows remote attackers to access sensitive data on affected systems. The flaw lies in the software's handling of AcroForms and stems from insufficient validation of user-supplied data. As a result, an attacker can read data beyond the allocated buffer, potentially leading to more serious exploits like arbitrary code execution. This vulnerability was identified independently as ZDI-CAN-24492 and requires user interaction, with the target needing to visit a malicious page or open a malicious file to be exploited.
