High severity8.8NVD Advisory· Published Aug 1, 2018· Updated Jun 17, 2026
CVE-2018-3939
CVE-2018-3939
Description
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 9.1.0.5096
- Foxit/Foxitv5Range: Foxit Software Foxit PDF Reader 9.1.0.5096
Patches
Vulnerability mechanics
References
2- www.foxitsoftware.com/support/security-bulletins.phpnvdPatchVendor Advisory
- www.talosintelligence.com/vulnerability_reports/TALOS-2018-0606nvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.