Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
File-based delivery requires local open (AV:L, UI:R); no credentials needed (PR:N); crash dominates impact (A:H) with minor memory-leak risk (C:L); no integrity or scope change.
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application.
AnalysisAI
Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader crashes the application and exposes limited memory contents when a victim opens a specially crafted PDF embedding a semantically malformed color space function. Affected versions span multiple branches across both Editor and Reader products, confirmed through EUVD-2026-42198. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target must actively open a specially crafted PDF file containing an abnormal color space definition that references a valid but semantically malformed function object, using an affected version of Foxit PDF Editor (13.2.4 and earlier, 14.0.4 and earlier, or 2026.1.1 and earlier) or Foxit PDF Reader (2026.1.1 and earlier). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.1 Medium with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H accurately reflects the file-based, user-interaction-dependent nature of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker constructs a PDF document that embeds a color space definition referencing a specially crafted function with semantically malformed output values and delivers it to a victim via a phishing email or a compromised file-sharing link. When the victim opens the file in an unpatched version of Foxit PDF Reader or Editor, the rendering engine processes the color space function without validating its output, generating an illegal pointer that triggers an out-of-bounds read and crashes the application. … |
| Remediation | Users should visit the Foxit security bulletins page at https://www.foxit.com/support/security-bulletins.html and upgrade to the latest patched release for their installed branch - no specific fixed version number was confirmed in the available intelligence, so consulting the vendor advisory directly is required to identify the exact target version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42198
GHSA-v89h-gff2-h39j