Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
User must open a local file (AV:L, UI:R); default JavaScript-enabled config requires no special privileges (PR:N); crash is primary impact (A:H) with minor memory exposure (C:L), no integrity impact.
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access.
AnalysisAI
Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader allows a local attacker to crash the application and potentially expose adjacent memory contents by delivering a specially crafted PDF containing malicious JavaScript. The JavaScript manipulates page and document objects to desynchronize internal page-related state from the renderer's trusted page count; when the renderer subsequently accesses page objects using the stale index, it reads beyond valid memory bounds. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | JavaScript must be enabled in the Foxit PDF application, which is the default configuration. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.1 (Medium) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H accurately captures the threat profile: this is a local, user-interaction-dependent attack with no authentication requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a PDF document containing JavaScript that programmatically manipulates page-level objects to desynchronize the renderer's internal page count state. The PDF is delivered to a target via email attachment or malicious download link. … |
| Remediation | Users and administrators should consult the Foxit security bulletins at https://www.foxit.com/support/security-bulletins.html and upgrade to patched versions beyond the affected thresholds: Foxit PDF Editor above 14.0.4, above 13.2.4, or above 2026.1.1 depending on the installed branch, and Foxit PDF Reader above 2026.1.1. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42180
GHSA-r64f-c494-296f