Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found
Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader.
These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF readers on the market.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. Adobe’s patched this in version 24.005.20320, and Foxit’s patch appears in PDF Editor version 12.1.9/11.2.12.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
Out-of-bounds read Adobe Acrobat Reader Vulnerabilities
Discovered by KPC.
Specially crafted font files embedded into a PDF can trigger out-of-bounds memory reads in TALOS-2024-2076 (CVE-2024-49534), TALOS-2024-2070 (CVE-2024-49533), and TALOS-2024-2064 (CVE-2024-49532), which could lead to the disclosure of sensitive information and further exploitation. An attacker must trick the user into opening a malicious file to trigger these vulnerabilities.
Foxit object use-after-free vulnerabilities
Discovered by KPC.
Two use-after-free vulnerabilities exist in the way Foxit Reader handles certain objects. TALOS-2024-2093 (CVE-2024-49576) and TALOS-2024-2094 (CVE-2024-47810) can be triggered by malicious JavaScript code in a PDF file. An attack needs to either trick a user into opening the malicious file, or the user must navigate to a maliciously crafted website while the Foxit browser extension is enabled. This vulnerability can lead to memory corruption and result in arbitrary code execution.
Cisco Talos Blog – Read More