Multiple RCE Vulnerabilities in Foxit PDF Reader and Editor

Foxit Software, a renowned provider of fast and feature-rich PDF solutions, has recently patched several critical security vulnerabilities in its popular Foxit PDF Reader and Editor software. These remote code execution vulnerabilities, identified as CVE-2023-27329, CVE-2023-27330, and CVE-2023-27331, have garnered significant attention due to the potential risks they pose to users’ systems.

The Vulnerabilities: A Closer Look

The identified security flaws stem from improper handling of Annotation objects within the software. This oversight allows attackers to exploit use-after-free vulnerabilities, enabling them to execute arbitrary code on the targeted system. Such breaches can occur when users are enticed into opening specially crafted files or visiting malicious web pages.

Affected Versions

The following Foxit software versions are impacted by these vulnerabilities:

  • Foxit PDF Editor 12.x <=
  • Foxit PDF Editor 11.x <=
  • Foxit PDF Editor <=
  • Foxit PDF Reader <=

Unaffected Versions

Foxit has released updates that address these vulnerabilities, rendering the following versions unaffected:

  • Foxit PDF Editor = 12.1.1
  • Foxit PDF Editor = 11.2.5
  • Foxit PDF Reader = 12.1.1

Breaking Down the CVEs

Each of the three identified CVEs carries a CVSS score of 7.8, indicating a significant level of risk.

  1. CVE-2023-27329: This vulnerability arises from a use-after-free issue in the handling of Annotation objects. By persuading a victim to open a maliciously crafted file, an attacker can exploit this vulnerability to execute arbitrary code on the system.
  2. CVE-2023-27330: Similarly, this vulnerability involves a use-after-free issue, but with the handling of XFA Annotation objects. The exploitation method and outcome are the same as for CVE-2023-27329.
  3. CVE-2023-27331: Once again, a use-after-free vulnerability affects the handling of Annotation objects. The exploitation process and potential consequences mirror those of the other two CVEs.


To protect themselves from the risks associated with these vulnerabilities, users of Foxit PDF Reader and Editor should promptly update their software to the latest, unaffected versions. By staying vigilant and keeping their software current, users can continue to leverage the powerful capabilities of Foxit PDF solutions while safeguarding their systems from potential security breaches.