Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local crafted file with required user interaction (AV:L/UI:R); vendor describes a crash so availability is High, but confidentiality/integrity lowered to Low absent proven code execution.
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release.
AnalysisAI
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embedded JavaScript writes annotation attributes without sufficient object-type and argument validation, corrupting the internal annotation structure so the application faults during subsequent object release (CWE-763). Local exploitation requires a user to open a crafted PDF; there is no public exploit identified at time of analysis and the flaw is not in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open an attacker-crafted PDF in Foxit PDF Reader or Foxit PDF Editor with the JavaScript engine enabled (default), where the embedded script writes annotation attributes to corrupt the annotation object's internal structure; the crash manifests on the subsequent object release. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, score 7.8) describes a local, low-complexity, unauthenticated flaw that requires user interaction (opening a file) and yields high impact across all three dimensions - consistent with memory corruption that could go beyond denial of service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a PDF containing JavaScript that writes malformed annotation attributes and emails or hosts it for download; when a victim opens the file in Foxit PDF Reader or Editor with JavaScript enabled, the corrupted annotation structure causes an invalid pointer release that crashes the application (denial of service) and could potentially be shaped into memory corruption. Because the vector is local with required user interaction (AV:L/UI:R), exploitation depends on social-engineering the target into opening the document; no public exploit code was identified at time of analysis. |
| Remediation | No exact fix version is provided in the input, so consult the Foxit security bulletin at https://www.foxit.com/support/security-bulletins.html for the patched release and upgrade Foxit PDF Reader and Foxit PDF Editor to the vendor-fixed version once identified (Patch available per vendor advisory; released patched version not independently confirmed here). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Disable PDF JavaScript in Foxit Reader and Editor (Settings > JavaScript) to eliminate the attack vector and notify all users of this mandatory configuration change. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to crash the application
Same weakness CWE-763 – Release of Invalid Pointer or Reference
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42205
GHSA-5mvj-c93h-4pfc