Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
AnalysisAI
Unhandled exception in Foxit PDF Editor and Foxit PDF Reader allows local denial of service when a user opens a maliciously crafted PDF file with insufficient parameter verification, causing the application to crash via an uncaught std::invalid_argument exception. The vulnerability requires user interaction (opening a file) and local file access but affects all versions of both products without authentication requirements.
Technical ContextAI
The vulnerability stems from CWE-248 (Uncaught Exception), a class of weaknesses where applications fail to properly catch and handle exceptions. In this case, Foxit's PDF parsing engine does not validate parameters sufficiently before processing file data, leading to format errors that trigger an unhandled C++ std::invalid_argument exception. This exception occurs at a level in the call stack where no exception handler exists, causing immediate application termination. The affected products (Foxit PDF Editor and Foxit PDF Reader) share common PDF parsing libraries where this validation gap exists across multiple versions.
RemediationAI
Contact Foxit Software for patch availability and specific fix versions, as the security bulletin reference does not provide explicit patch versions in the available data. Users should avoid opening PDF files from untrusted sources until a patch is available. As a temporary compensating control, disable PDF auto-opening in email clients and file managers, and restrict PDF file access to sandboxed or isolated environments if available. Users can work around individual problematic PDFs by using alternative PDF readers (such as Adobe Acrobat Reader or open-source tools) to determine if the file is malicious before attempting to open it in Foxit. Monitor Foxit's support page for security bulletin updates that will contain precise fix versions and deployment guidance.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-248 – Uncaught Exception
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25823