Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
File must be opened by the user (AV:L, UI:R); no attacker privileges required (PR:N); crash gives High availability impact, out-of-bounds read gives Low confidentiality; no integrity or scope change.
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes.
AnalysisAI
Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader's PRC 3D file header parser crashes the application and may leak process memory when a victim opens a specially crafted PDF. Affected version ranges span Foxit PDF Reader through 2026.1.1 and multiple Foxit PDF Editor release branches through 13.2.4, 14.0.4, and 2026.1.1. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a victim to actively open a specially crafted PDF file containing a malicious PRC 3D content section using an affected version of Foxit PDF Reader or Foxit PDF Editor. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.1 (Medium) is grounded in a local file-based attack vector (AV:L) with mandatory user interaction (UI:R), meaningfully constraining real-world exposure compared to network-reachable vulnerabilities. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a PDF document containing a PRC 3D model header whose structure description metadata specifies array element counts that do not match the actual allocated buffer size. The file is delivered to a target user via email attachment, a malicious download link, or a shared file repository. … |
| Remediation | The primary remediation is to upgrade Foxit PDF Reader and Foxit PDF Editor to versions that address this bulletin, as specified at https://www.foxit.com/support/security-bulletins.html - exact patched version numbers must be obtained directly from that advisory, as no fixed release identifier was independently confirmed in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42190
GHSA-x6hw-8x39-wcwp