A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
References
| Link | Resource |
|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796 | Exploit Third Party Advisory |
| https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796 | Exploit Third Party Advisory |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1796 |
Configurations
History
04 Nov 2025, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Nov 2024, 08:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796 - Exploit, Third Party Advisory |
26 Jul 2023, 21:04
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:foxit:pdf_reader:12.1.2.15332:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | (MISC) https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796 - Exploit, Third Party Advisory |
19 Jul 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
19 Jul 2023, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-19 14:15
Updated : 2025-11-04 20:16
NVD link : CVE-2023-33876
Mitre link : CVE-2023-33876
CVE.ORG link : CVE-2023-33876
JSON object : View
Products Affected
foxit
- pdf_reader
CWE
CWE-416
Use After Free