Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
AnalysisAI
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows local attackers to crash the application or potentially execute arbitrary code through specially crafted PDF files with malformed form field hierarchies. The vulnerability triggers when parsing logic misidentifies non-signature data as valid signatures, causing invalid memory writes during internal data structure construction. User interaction is required to open the malicious PDF document. No active exploitation has been identified at time of analysis, though the local attack vector and high CVSS score (7.8) warrant attention for endpoint security in environments handling untrusted PDF files.
Technical ContextAI
This vulnerability affects Foxit's PDF parsing engine, specifically the component responsible for processing PDF form field hierarchies and digital signature validation. The root cause is classified as CWE-20 (Improper Input Validation), where the parser fails to properly validate form field structure before processing signature-related data. When encountering malformed hierarchies, the flawed parsing logic misinterprets non-signature data as valid signature objects, leading to construction of corrupted internal data structures. This triggers invalid memory writes that manifest as crashes and potentially exploitable memory corruption conditions. The affected products are identified by CPE strings as Foxit PDF Reader (cpe:2.3:a:foxit_software_inc.:foxit_pdf_reader) and Foxit PDF Editor (cpe:2.3:a:foxit_software_inc.:foxit_pdf_editor), both widely deployed PDF processing applications on Windows, macOS, and Linux platforms.
RemediationAI
Check the official Foxit security bulletin at https://www.foxit.com/support/security-bulletins.html for the vendor-released patch and specific affected version ranges, then upgrade both Foxit PDF Reader and Foxit PDF Editor to the patched versions listed in the advisory. Until patching is complete, implement compensating controls: configure PDF applications to disable automatic opening of embedded content and disable JavaScript execution in PDF settings (trade-off: reduces functionality for interactive forms). Deploy endpoint detection rules monitoring for crashes in foxit*.exe processes when opening PDF files as potential exploitation indicators. Restrict PDF file sources through email filtering and web proxy policies to block PDFs from untrusted origins (trade-off: may impact legitimate business workflows requiring external PDF receipt). For high-security environments handling sensitive data, consider temporarily switching to alternative PDF readers for untrusted documents until patching is verified, though this introduces user experience and workflow disruption costs.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25827