CVE-2018-3940

EUVD-2018-15726
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talosCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
foxitsoftwarephantompdf
𝑥
≤ 9.2.0.9297
foxitsoftwarereader
𝑥
≤ 9.2.0.9297
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041769
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0607
https://www.foxitsoftware.com/support/security-bulletins.php
http://www.securitytracker.com/id/1041769
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0607