CVE-2024-28888

critical

Description

Addressed potential issues where the application could be exposed to a Use-After-Free vulnerability and crash when handling certain checkbox field objects, Annotation objects, or AcroForms, which attackers could exploit to execute code remotely. This occurs because the application uses a wild pointer or an object that has been freed without proper validation, or fails to properly synchronize the annotation items when handling the Reply Note of an annotation using JavaScript. (CVE-2024-28888, CVE-2024-7725, ZDI-CAN-23932, ZDI-CAN-25173)

Details

Source: Mitre, NVD

Published: 2024-09-26

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical