Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
AnalysisAI
Use-after-free in Foxit PDF Reader and Foxit PDF Editor allows local attackers to execute arbitrary code or crash the application via specially crafted PDF documents. When scripts modify document structures, the software fails to maintain valid object references during page information queries, enabling pointer dereference of freed memory. Successful exploitation requires user interaction to open a malicious PDF file, achieving high confidentiality, integrity, and availability impact with CVSS 7.8. No active exploitation or public exploit code identified at time of analysis, though CVSS vector indicates low attack complexity once victim interaction occurs.
Technical ContextAI
This vulnerability stems from CWE-416 (Use After Free), a memory corruption class where freed heap memory is accessed after deallocation. Foxit PDF products use scripting engines (likely JavaScript) to enable interactive PDF features. When scripts trigger document modifications affecting page structures, the software's internal index and object reference management fails to invalidate pointers to freed memory regions. The CPE data identifies both Foxit PDF Editor (cpe:2.3:a:foxit_software_inc.:foxit_pdf_editor) and Foxit PDF Reader (cpe:2.3:a:foxit_software_inc.:foxit_pdf_reader) as affected, indicating the shared PDF rendering/scripting engine contains the flaw. During page information queries following structure modifications, dereferencing the stale pointer triggers memory corruption, enabling control-flow hijacking or denial of service depending on exploitation technique and heap layout.
RemediationAI
Consult Foxit's official security bulletin at https://www.foxit.com/support/security-bulletins.html for patched versions and apply vendor-released updates immediately. Exact fix versions not independently confirmed from provided data - verify current installed version against vendor advisory and upgrade if listed as vulnerable. As compensating controls until patching: disable JavaScript execution in Foxit PDF products via Edit > Preferences > JavaScript > Enable JavaScript (uncheck) to prevent script-triggered memory corruption, though this breaks interactive PDF features including forms and dynamic content. Implement application whitelisting to block execution of unsigned PDFs from untrusted sources. Deploy PDF sanitization gateways to strip embedded scripts from inbound documents. Train users to avoid opening PDFs from unknown senders or untrusted websites. Note that disabling JavaScript eliminates the trigger mechanism but may impact legitimate business workflows requiring PDF forms or annotations.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25829