Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
AnalysisAI
Use-after-free in Foxit PDF Reader and Foxit PDF Editor allows arbitrary code execution when specially crafted PDF documents trigger UI refresh operations after comment deletion via scripting. Local attackers can deliver malicious PDFs and achieve code execution with high integrity and confidentiality impact once a user opens the file. CVSS 7.8 indicates high severity but requires user interaction, limiting automated exploitation. No public exploit code or active exploitation confirmed at time of analysis.
Technical ContextAI
This is a use-after-free vulnerability (CWE-416) in Foxit's PDF rendering engine, affecting both the commercial PDF Editor and free PDF Reader products. The flaw occurs in the JavaScript scripting engine's interaction with the UI rendering subsystem. When embedded JavaScript code programmatically removes comments from a PDF document and subsequently triggers a UI refresh operation, the application accesses memory that has already been deallocated. Use-after-free conditions are particularly dangerous in document readers because they allow attackers to control freed memory contents through carefully structured PDF objects, enabling arbitrary code execution. The vulnerability exists in the object lifecycle management between the scripting API and the UI rendering pipeline, where the comment deletion invalidates pointers that are later dereferenced during screen updates.
RemediationAI
Apply vendor-released patches available through Foxit's security bulletin portal at https://www.foxit.com/support/security-bulletins.html. Specific patched versions not enumerated in available data - refer to the bulletin for exact fixed versions for PDF Reader and PDF Editor respectively. As an interim compensating control, disable JavaScript execution in Foxit PDF products via Edit > Preferences > JavaScript > Enable JavaScript Actions (uncheck), which prevents the scripting trigger required for exploitation but breaks PDF forms and interactive features that rely on JavaScript. For enterprise deployments, implement application whitelisting to block execution of processes spawned from PDF reader processes, limiting post-exploitation impact. Email gateway scanning should flag PDFs containing JavaScript and subject them to enhanced scrutiny or quarantine pending user approval.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25826