
    626 vulnerabilities found for pdf_reader by foxit

    CVE-2026-5943 (GCVE-0-2026-5943)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-28 03:55
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T03:55:23.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries."
                }
              ],
              "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:31.554Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5943",
        "datePublished": "2026-04-27T11:00:31.554Z",
        "dateReserved": "2026-04-09T03:42:20.240Z",
        "dateUpdated": "2026-04-28T03:55:23.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5942 (GCVE-0-2026-5942)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-27 13:43
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability
    Summary
    Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:38:11.039409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:43:18.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program."
                }
              ],
              "value": "Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:33.818Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5942",
        "datePublished": "2026-04-27T11:00:33.818Z",
        "dateReserved": "2026-04-09T03:42:17.871Z",
        "dateUpdated": "2026-04-27T13:43:18.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5941 (GCVE-0-2026-5941)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-28 03:55
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability
    Summary
    Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T03:55:25.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction."
                }
              ],
              "value": "Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:25.495Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5941",
        "datePublished": "2026-04-27T11:00:25.495Z",
        "dateReserved": "2026-04-09T03:42:15.877Z",
        "dateUpdated": "2026-04-28T03:55:25.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5940 (GCVE-0-2026-5940)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-28 03:55
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T03:55:22.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes."
                }
              ],
              "value": "Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:36.200Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5940",
        "datePublished": "2026-04-27T11:00:36.200Z",
        "dateReserved": "2026-04-09T03:42:11.434Z",
        "dateUpdated": "2026-04-28T03:55:22.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5939 (GCVE-0-2026-5939)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-28 12:50
    VLAI
    Title
    UAF in Foxit PDF Editor/Reader via XFA calculate event
    Summary
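    A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in arbitrary code execution. Note that the CVSS 3.1 vector in the record below (C:N/I:N/A:H, base score 5.5) scores availability impact only and does not reflect the code execution stated here, so triage on the description and the impact field rather than on the score alone.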
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Haein Lee from KAIST Hacking Lab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-28T03:55:25.421518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T12:50:41.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Haein Lee from KAIST Hacking Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution."
                }
              ],
              "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:29.102Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAF in Foxit PDF Editor/Reader via XFA calculate event",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5939",
        "datePublished": "2026-04-27T11:00:29.102Z",
        "dateReserved": "2026-04-09T03:42:09.733Z",
        "dateUpdated": "2026-04-28T12:50:41.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5938 (GCVE-0-2026-5938)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-27 13:42
    VLAI
    Title
    Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability
    Summary
    Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-691 - Insufficient Control Flow Management (CWE-691)
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    CITIVD

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:38:23.323940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:42:57.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CITIVD"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service."
                }
              ],
              "value": "Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-691",
                  "description": "Insufficient Control Flow Management (CWE-691)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:38.202Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5938",
        "datePublished": "2026-04-27T11:00:38.202Z",
        "dateReserved": "2026-04-09T03:42:07.680Z",
        "dateUpdated": "2026-04-27T13:42:57.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5937 (GCVE-0-2026-5937)

    Vulnerability from nvd – Published: 2026-04-27 11:00 – Updated: 2026-04-27 13:42
    VLAI
    Title
    Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability
    Summary
    Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    CITIVD

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:38:29.887269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:42:51.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CITIVD"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate."
                }
              ],
              "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:42.447Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader\u0027s insufficient parameter validation leads to denial-of-service vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5937",
        "datePublished": "2026-04-27T11:00:42.447Z",
        "dateReserved": "2026-04-09T03:42:03.943Z",
        "dateUpdated": "2026-04-27T13:42:51.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3780 (GCVE-0-2026-3780)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:14
    VLAI
    Title
    Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
    Summary
    The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Credits
    Kara Zaffarano

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:17:32.017921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:01.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kara Zaffarano"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application\u0027s installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation."
                }
              ],
              "value": "The application\u0027s installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:14:27.519Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3780",
        "datePublished": "2026-04-01T01:40:33.511Z",
        "dateReserved": "2026-03-08T03:43:30.840Z",
        "dateUpdated": "2026-04-02T02:14:27.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3779 (GCVE-0-2026-3779)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:14
    VLAI
    Title
    Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability
    Summary
    The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    KPC of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-01T03:06:18.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:18:37.648755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:18.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "KPC of Cisco Talos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application\u0027s list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."
                }
              ],
              "value": "The application\u0027s list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:14:05.708Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3779",
        "datePublished": "2026-04-01T01:40:29.712Z",
        "dateReserved": "2026-03-08T03:43:28.979Z",
        "dateUpdated": "2026-04-02T02:14:05.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3778 (GCVE-0-2026-3778)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:13
    VLAI
    Title
    Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
    Summary
    The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Suyue Guo from UCSB Seclab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:18:05.816279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:11.431Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Suyue Guo from UCSB Seclab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes."
                }
              ],
              "value": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stack overflow"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674: Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:13:28.588Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3778",
        "datePublished": "2026-04-01T01:40:31.681Z",
        "dateReserved": "2026-03-08T03:43:26.764Z",
        "dateUpdated": "2026-04-02T02:13:28.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3777 (GCVE-0-2026-3777)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:12
    VLAI
    Title
    Use after free of view cache in Foxit PDF Editor/Reader
    Summary
    The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Suyue Guo from UCSB Seclab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:19:00.361361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:25.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Suyue Guo from UCSB Seclab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution."
                }
              ],
              "value": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:12:55.076Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use after free of view cache in Foxit PDF Editor/Reader",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3777",
        "datePublished": "2026-04-01T01:40:27.829Z",
        "dateReserved": "2026-03-08T03:43:24.941Z",
        "dateUpdated": "2026-04-02T02:12:55.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3776 (GCVE-0-2026-3776)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:12
    VLAI
    Title
    Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
    Summary
    The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Suyue Guo from UCSB Seclab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:16:53.743286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:50:55.555Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Suyue Guo from UCSB Seclab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."
                }
              ],
              "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:12:28.499Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3776",
        "datePublished": "2026-04-01T01:40:35.260Z",
        "dateReserved": "2026-03-08T03:43:23.264Z",
        "dateUpdated": "2026-04-02T02:12:28.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3775 (GCVE-0-2026-3775)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:11
    VLAI
    Title
    Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
    Summary
    The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:16:37.847431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:50:46.885Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application\u0027s update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low\u2011privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user\u2011writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution."
                }
              ],
              "value": "The application\u0027s update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low\u2011privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user\u2011writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: DLL Hijacking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:11:52.749Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3775",
        "datePublished": "2026-04-01T01:40:36.975Z",
        "dateReserved": "2026-03-08T03:42:27.208Z",
        "dateUpdated": "2026-04-02T02:11:52.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3774 (GCVE-0-2026-3774)

    Vulnerability from nvd – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:11
    VLAI
    Title
    Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
    Summary
    The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Credits
    Titus Vollbracht, Sören Borgstedt, Christian Mainka, Vladislav Mladenov

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:15:18.808122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:50:37.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Titus Vollbracht, S\u00f6ren Borgstedt, Christian Mainka, Vladislav Mladenov"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script\u2011driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen."
                }
              ],
              "value": "The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script\u2011driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:11:11.364Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3774",
        "datePublished": "2026-04-01T01:40:39.223Z",
        "dateReserved": "2026-03-08T03:42:24.474Z",
        "dateUpdated": "2026-04-02T02:11:11.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66499 (GCVE-0-2025-66499)

    Vulnerability from nvd – Published: 2025-12-19 07:11 – Updated: 2025-12-19 17:16
    VLAI
    Title
    Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.2.1 and earlier
    Affected: Versions 14.0.1 and earlier
    Affected: Versions 13.2.1 and earlier
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.2.1 and earlier
    Affected: Versions 14.0.1 and earlier
    Affected: Versions 13.2.1 and earlier
    Credits
    Anonymous working with Trend Micro Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66499",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:15:51.634690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T17:16:14.030Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.2.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.1 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.2.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap-based buffer overflow vulnerability exists in the \u003cstrong\u003ePDF parsing of Foxit PDF Reader\u003c/strong\u003e when processing \u003cstrong\u003especially crafted JBIG2 data\u003c/strong\u003e. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a \u003cstrong\u003eremote attacker to execute arbitrary code\u003c/strong\u003e."
                }
              ],
              "value": "A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T07:11:50.238Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2025-66499",
        "datePublished": "2025-12-19T07:11:50.238Z",
        "dateReserved": "2025-12-03T01:33:55.298Z",
        "dateUpdated": "2025-12-19T17:16:14.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5937 (GCVE-0-2026-5937)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-27 13:42
    VLAI
    Title
    Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability
    Summary
    Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    CITIVD

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:38:29.887269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:42:51.578Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CITIVD"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate."
                }
              ],
              "value": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:42.447Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader\u0027s insufficient parameter validation leads to denial-of-service vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5937",
        "datePublished": "2026-04-27T11:00:42.447Z",
        "dateReserved": "2026-04-09T03:42:03.943Z",
        "dateUpdated": "2026-04-27T13:42:51.578Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5938 (GCVE-0-2026-5938)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-27 13:42
    VLAI
    Title
    Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability
    Summary
    Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-691 - Insufficient Control Flow Management (CWE-691)
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    CITIVD

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:38:23.323940Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:42:57.699Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "CITIVD"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service."
                }
              ],
              "value": "Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-691",
                  "description": "Insufficient Control Flow Management (CWE-691)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:38.202Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5938",
        "datePublished": "2026-04-27T11:00:38.202Z",
        "dateReserved": "2026-04-09T03:42:07.680Z",
        "dateUpdated": "2026-04-27T13:42:57.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5940 (GCVE-0-2026-5940)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-28 03:55
    VLAI
    Title
    Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T03:55:22.371Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes."
                }
              ],
              "value": "Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:36.200Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5940",
        "datePublished": "2026-04-27T11:00:36.200Z",
        "dateReserved": "2026-04-09T03:42:11.434Z",
        "dateUpdated": "2026-04-28T03:55:22.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5942 (GCVE-0-2026-5942)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-27 13:43
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability
    Summary
    Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T13:38:11.039409Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T13:43:18.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program."
                }
              ],
              "value": "Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:33.818Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5942",
        "datePublished": "2026-04-27T11:00:33.818Z",
        "dateReserved": "2026-04-09T03:42:17.871Z",
        "dateUpdated": "2026-04-27T13:43:18.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5943 (GCVE-0-2026-5943)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-28 03:55
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
    Summary
    Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Affected: Versions 13.2.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5943",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T03:55:23.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries."
                }
              ],
              "value": "Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:31.554Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5943",
        "datePublished": "2026-04-27T11:00:31.554Z",
        "dateReserved": "2026-04-09T03:42:20.240Z",
        "dateUpdated": "2026-04-28T03:55:23.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5939 (GCVE-0-2026-5939)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-28 12:50
    VLAI
    Title
    UAF in Foxit PDF Editor/Reader via XFA calculate event
    Summary
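    A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. [Note: the CNA's CVSS vector in the record below scores availability impact only (C:N/I:N/A:H, base score 5.5), which does not match the code-execution impact stated here and in the record's "impacts" field; the CISA SSVC entry rates Technical Impact as total.]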
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Haein Lee from KAIST Hacking Lab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-28T03:55:25.421518Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T12:50:41.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Haein Lee from KAIST Hacking Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution."
                }
              ],
              "value": "A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:29.102Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "UAF in Foxit PDF Editor/Reader via XFA calculate event",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5939",
        "datePublished": "2026-04-27T11:00:29.102Z",
        "dateReserved": "2026-04-09T03:42:09.733Z",
        "dateUpdated": "2026-04-28T12:50:41.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5941 (GCVE-0-2026-5941)

    Vulnerability from cvelistv5 – Published: 2026-04-27 11:00 – Updated: 2026-04-28 03:55
    VLAI
    Title
    Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability
    Summary
    Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2026.1 and earlier
    Affected: Versions 14.0.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2026.1 and earlier
    Credits
    Anonymous working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T03:55:25.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2026.1 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction."
                }
              ],
              "value": "Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-27T11:00:25.495Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-5941",
        "datePublished": "2026-04-27T11:00:25.495Z",
        "dateReserved": "2026-04-09T03:42:15.877Z",
        "dateUpdated": "2026-04-28T03:55:25.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3774 (GCVE-0-2026-3774)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:11
    VLAI
    Title
    Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
    Summary
    The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Credits
    Titus Vollbracht, Sören Borgstedt, Christian Mainka, Vladislav Mladenov

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:15:18.808122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:50:37.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Titus Vollbracht, S\u00f6ren Borgstedt, Christian Mainka, Vladislav Mladenov"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script\u2011driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen."
                }
              ],
              "value": "The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script\u2011driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:11:11.364Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3774",
        "datePublished": "2026-04-01T01:40:39.223Z",
        "dateReserved": "2026-03-08T03:42:24.474Z",
        "dateUpdated": "2026-04-02T02:11:11.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3775 (GCVE-0-2026-3775)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:11
    VLAI
    Title
    Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
    Summary
    The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3775",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:16:37.847431Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:50:46.885Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Erik Egsgard of Field Effect working with TrendAI Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application\u0027s update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low\u2011privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user\u2011writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution."
                }
              ],
              "value": "The application\u0027s update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low\u2011privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user\u2011writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: DLL Hijacking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:11:52.749Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3775",
        "datePublished": "2026-04-01T01:40:36.975Z",
        "dateReserved": "2026-03-08T03:42:27.208Z",
        "dateUpdated": "2026-04-02T02:11:52.749Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3776 (GCVE-0-2026-3776)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:12
    VLAI
    Title
    Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
    Summary
    The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL pointer dereference
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Suyue Guo from UCSB Seclab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:16:53.743286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:50:55.555Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Suyue Guo from UCSB Seclab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."
                }
              ],
              "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL pointer dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:12:28.499Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3776",
        "datePublished": "2026-04-01T01:40:35.260Z",
        "dateReserved": "2026-03-08T03:43:23.264Z",
        "dateUpdated": "2026-04-02T02:12:28.499Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3780 (GCVE-0-2026-3780)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:14
    VLAI
    Title
    Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
    Summary
    The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Credits
    Kara Zaffarano

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3780",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:17:32.017921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:01.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kara Zaffarano"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application\u0027s installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation."
                }
              ],
              "value": "The application\u0027s installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:14:27.519Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3780",
        "datePublished": "2026-04-01T01:40:33.511Z",
        "dateReserved": "2026-03-08T03:43:30.840Z",
        "dateUpdated": "2026-04-02T02:14:27.519Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3778 (GCVE-0-2026-3778)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:13
    VLAI
    Title
    Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
    Summary
    The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-674 - Uncontrolled Recursion
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Suyue Guo from UCSB Seclab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:18:05.816279Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:11.431Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Suyue Guo from UCSB Seclab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes."
                }
              ],
              "value": "The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stack overflow"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674: Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:13:28.588Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3778",
        "datePublished": "2026-04-01T01:40:31.681Z",
        "dateReserved": "2026-03-08T03:43:26.764Z",
        "dateUpdated": "2026-04-02T02:13:28.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3779 (GCVE-0-2026-3779)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:14
    VLAI
    Title
    Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability
    Summary
    The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-416 - Use after free
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    KPC of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-01T03:06:18.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:18:37.648755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:18.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "KPC of Cisco Talos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application\u0027s list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."
                }
              ],
              "value": "The application\u0027s list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:14:05.708Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3779",
        "datePublished": "2026-04-01T01:40:29.712Z",
        "dateReserved": "2026-03-08T03:43:28.979Z",
        "dateUpdated": "2026-04-02T02:14:05.708Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3777 (GCVE-0-2026-3777)

    Vulnerability from cvelistv5 – Published: 2026-04-01 01:40 – Updated: 2026-04-02 02:12
    VLAI
    Title
    Use after free of view cache in Foxit PDF Editor/Reader
    Summary
    The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.3 and earlier
    Affected: Versions 14.0.2 and earlier
    Affected: Versions 13.2.2 and earlier
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.3 and earlier
    Credits
    Suyue Guo from UCSB Seclab

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T14:19:00.361361Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T15:51:25.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.2 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.2 and earlier"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.3 and earlier"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Suyue Guo from UCSB Seclab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution."
                }
              ],
              "value": "The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T02:12:55.076Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use after free of view cache in Foxit PDF Editor/Reader",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2026-3777",
        "datePublished": "2026-04-01T01:40:27.829Z",
        "dateReserved": "2026-03-08T03:43:24.941Z",
        "dateUpdated": "2026-04-02T02:12:55.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66499 (GCVE-0-2025-66499)

    Vulnerability from cvelistv5 – Published: 2025-12-19 07:11 – Updated: 2025-12-19 17:16
    VLAI
    Title
    Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability
    Summary
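    A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
    Note: the record's CVSS 3.1 vector is AV:L with UI:R (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), so "remote" here presumably describes how the crafted file reaches the victim; the flaw is triggered when a user processes that file locally. The listed CWE-190 is the root cause (the size calculation), and the heap overflow named in the title is its consequence.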
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Foxit Software Inc. Foxit PDF Reader Affected: Versions 2025.2.1 and earlier
    Affected: Versions 14.0.1 and earlier
    Affected: Versions 13.2.1 and earlier
    Foxit Software Inc. Foxit PDF Editor Affected: Versions 2025.2.1 and earlier
    Affected: Versions 14.0.1 and earlier
    Affected: Versions 13.2.1 and earlier
    Credits
    Anonymous working with Trend Micro Zero Day Initiative

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66499",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T17:15:51.634690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T17:16:14.030Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Reader",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.2.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.1 and eariler"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS"
              ],
              "product": "Foxit PDF Editor",
              "vendor": "Foxit Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 2025.2.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 14.0.1 and earlier"
                },
                {
                  "status": "affected",
                  "version": "Versions 13.2.1 and eariler"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap-based buffer overflow vulnerability exists in the \u003cstrong\u003ePDF parsing of Foxit PDF Reader\u003c/strong\u003e when processing \u003cstrong\u003especially crafted JBIG2 data\u003c/strong\u003e. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a \u003cstrong\u003eremote attacker to execute arbitrary code\u003c/strong\u003e."
                }
              ],
              "value": "A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Potential arbitrary code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T07:11:50.238Z",
            "orgId": "14984358-7092-470d-8f34-ade47a7658a2",
            "shortName": "Foxit"
          },
          "references": [
            {
              "url": "https://www.foxit.com/support/security-bulletins.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2",
        "assignerShortName": "Foxit",
        "cveId": "CVE-2025-66499",
        "datePublished": "2025-12-19T07:11:50.238Z",
        "dateReserved": "2025-12-03T01:33:55.298Z",
        "dateUpdated": "2025-12-19T17:16:14.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }