Security Advisory

Foxit Product Security Update Advisory (CVE-2024-28888)

  • Oct 08 2024

Overview

 

An update has been released to address vulnerabilities in Foxit Products. Users of the affected versions are advised to update to the latest version.

 

Affected Products

CVE-2024-28888

  • Foxit PDF Editor versions: 2024.X (inclusive) ~ 2024.2.3.25184 (inclusive) (Windows)
  • Foxit PDF Editor versions: 2023.X (inclusive) ~ 2023.3.0.23028 (inclusive) (Windows)
  • Foxit PDF Reader versions: ~ 2024.2.3.25184 (inclusive) (Windows)

 

  • Foxit PDF Editor versions: 2024.X (inclusive) ~ 2024.2.3.64402 (inclusive) (macOS)
  • Foxit PDF Editor versions: 2023.x (inclusive) ~ 2023.3.0.63083 (inclusive) (macOS)
  • Foxit PDF Reader versions: ~ 2024.2.2.64388 (inclusive) (macOS)

 

  • Foxit PDF Editor versions: 13.x (inclusive) ~ 13.1.2.62201 (inclusive) (macOS)
  • Foxit PDF Editor versions: 12.x (inclusive) ~ 12.1.5.55449 (inclusive) (macOS)
  • Foxit PDF Editor versions: ~ 11.1.9.0524 (inclusive) (macOS)

 

  • Foxit PDF Editor versions: 13.X (inclusive) ~ 13.1.3.22478 (inclusive) (Windows)

 

  • Foxit PDF Editor versions: 12.X (inclusive) ~ 12.1.7.15526 (inclusive) (Windows)
  • Foxit PDF Editor versions: ~ 11.2.10.53951 (inclusive) (Windows)

 

 

Resolved Vulnerabilities

 

A Use-After-Free vulnerability in the application’s handling of checkbox fields, Doc objects, comment objects, or AcroForms could allow remote code execution or information disclosure due to a memory free vulnerability (CVE-2024-28888)

 

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-28888

  • Foxit PDF Editor version: 2024.3 (Windows)
  • Foxit PDF Editor version: 2024.3 (Windows)
  • Foxit PDF Reader version: 2024.3 (Windows)

 

  • Foxit PDF Editor version: 2024.3 (macOS)
  • Foxit PDF Editor version: 2024.3 (macOS)
  • Foxit PDF Reader version: 2024.3 (macOS)

 

  • Foxit PDF Editor version: 13.1.4 (macOS)
  • Foxit PDF Editor version: 13.1.4 (macOS)
  • Foxit PDF Editor version: 13.1.4 (macOS)

 

  • Foxit PDF Editor version: 13.1.4 (Windows)

 

  • Foxit PDF Editor version: 12.1.8 (Windows)
  • Foxit PDF Editor version: 12.1.8 (Windows)

     

References

 

[1] CVE-2024-28888 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-28888

[2] Security bulletins

https://www.foxit.com/support/security-bulletins.html

Tags:

Previous Post

Next Post