Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description states only a crash, so A:H with C/I:N; local crafted-file vector with required user interaction gives AV:L/UI:R, no privileges needed (PR:N).
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed.
AnalysisAI
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application when its embedded JavaScript resets annotation status and then triggers a reset-form additional action, causing the parser to re-enter and dereference freed objects. Local victims who open a malicious document are affected; the CVSS 3.1 base score is 7.8. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a specially crafted PDF in Foxit PDF Editor or Foxit PDF Reader (UI:R in the vector), and that PDF must contain embedded JavaScript/additional actions that first reset annotation status and then trigger a reset-form additional action - the exact sequence that drives the re-entry into freed objects. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H = 7.8) models a local, low-complexity, unauthenticated attack requiring user interaction (opening a file), with full confidentiality/integrity/availability impact - consistent with memory corruption that could go beyond a crash. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails or hosts a booby-trapped PDF whose embedded JavaScript resets annotation status and then invokes a reset-form additional action; when the victim opens it in a vulnerable Foxit build, the re-entry path dereferences a freed object and the application crashes (denial of service), with potential for further memory-corruption exploitation. No public exploit code was identified at time of analysis, and successful exploitation requires the user to open the file. |
| Remediation | Update Foxit PDF Editor and Foxit PDF Reader to the fixed release identified in the Foxit security bulletin (https://www.foxit.com/support/security-bulletins.html); an exact fix version is not present in the provided data, so consult that advisory for the patched build - Patch available per vendor advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory Foxit PDF Editor and Reader installations across the organization; send security alert to users advising against opening PDFs from untrusted sources and to use alternatives for critical workflows. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to crash the application
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42204
GHSA-f8mh-5vwp-p567