An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0935 Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2020-01-16T22:00:31

Updated: 2022-04-19T17:34:38

Reserved: 2019-01-04T00:00:00


Link: CVE-2019-5130

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-01-16T22:15:12.590

Modified: 2022-06-14T18:43:36.300


Link: CVE-2019-5130

JSON object: View

cve-icon Redhat Information

No data.

CWE