Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-open vector (AV:L) with required user interaction (UI:R) and no privileges (PR:N); use-after-free supports high C/I/A, though description directly evidences only the availability crash.
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
AnalysisAI
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows a crafted PDF containing embedded JavaScript to free page objects and trigger a dangling write to pop-up annotation objects. An attacker who convinces a user to open a malicious document can crash the application and potentially achieve arbitrary code execution in the user's context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a victim to open an attacker-crafted PDF (UI:R) in a vulnerable local installation of Foxit PDF Reader or Editor; the malicious file must contain embedded JavaScript that deletes page objects, so JavaScript execution must be enabled in the application (it is enabled by default). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 7.8) reflects a local attack vector requiring user interaction (opening a file) but no privileges, with high impact across confidentiality, integrity, and availability - consistent with a use-after-free that can escalate from a crash to code execution. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a PDF with embedded JavaScript that deletes page objects and emails it to a target or hosts it on a website. When the victim opens the document in a vulnerable Foxit PDF Reader or Editor, the stale annotation write triggers the use-after-free, crashing the application and potentially allowing the attacker to execute code in the victim's session. … |
| Remediation | Patch available per vendor advisory - upgrade Foxit PDF Reader and Foxit PDF Editor to the latest release published on the Foxit security bulletins page (https://www.foxit.com/support/security-bulletins.html); an exact fixed version was not included in the available data, so confirm the patched build against that bulletin (fixes will be later than 2026.1.1 for Reader/Editor and later than 14.0.4 for Editor 14.x). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Inventory all Foxit installations; block PDF opening from untrusted sources via email gateways and endpoint policy. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to crash the application
Same weakness CWE-416 – Use After Free
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42187
GHSA-x96h-38x4-vxv6