Skip to main content

Foxit PDF Reader EUVDEUVD-2026-42198

| CVE-2026-57255 MEDIUM
Out-of-bounds Read (CWE-125)
2026-07-08 Foxit GHSA-v89h-gff2-h39j
6.1
CVSS 3.1 · Vendor: Foxit
Share

Severity by source

Vendor (Foxit) PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
vuln.today AI
6.1 MEDIUM

File-based delivery requires local open (AV:L, UI:R); no credentials needed (PR:N); crash dominates impact (A:H) with minor memory-leak risk (C:L); no integrity or scope change.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Foxit).

CVSS VectorVendor: Foxit

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 09:27 vuln.today

DescriptionCVE.org

The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application.

AnalysisAI

Out-of-bounds read in Foxit PDF Editor and Foxit PDF Reader crashes the application and exposes limited memory contents when a victim opens a specially crafted PDF embedding a semantically malformed color space function. Affected versions span multiple branches across both Editor and Reader products, confirmed through EUVD-2026-42198. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft PDF with malformed color space function
Delivery
Deliver document via phishing or web lure
Exploit
Victim opens PDF in Foxit PDF Editor or Reader
Execution
Application processes abnormal color space without output validation
Persist
Unvalidated function output produces illegal pointer
Impact
Out-of-bounds read crashes application and potentially exposes memory

Vulnerability AssessmentAI

Exploitation The target must actively open a specially crafted PDF file containing an abnormal color space definition that references a valid but semantically malformed function object, using an affected version of Foxit PDF Editor (13.2.4 and earlier, 14.0.4 and earlier, or 2026.1.1 and earlier) or Foxit PDF Reader (2026.1.1 and earlier). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 6.1 Medium with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H accurately reflects the file-based, user-interaction-dependent nature of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker constructs a PDF document that embeds a color space definition referencing a specially crafted function with semantically malformed output values and delivers it to a victim via a phishing email or a compromised file-sharing link. When the victim opens the file in an unpatched version of Foxit PDF Reader or Editor, the rendering engine processes the color space function without validating its output, generating an illegal pointer that triggers an out-of-bounds read and crashes the application. …
Remediation Users should visit the Foxit security bulletins page at https://www.foxit.com/support/security-bulletins.html and upgrade to the latest patched release for their installed branch - no specific fixed version number was confirmed in the available intelligence, so consulting the vendor advisory directly is required to identify the exact target version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-57240 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg

CVE-2026-13126 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows

CVE-2026-13127 HIGH
7.8 Jul 08

Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re

CVE-2026-13128 HIGH
7.8 Jul 08

Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a

CVE-2026-13129 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack

CVE-2026-57238 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the

CVE-2026-57242 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4

CVE-2026-57245 HIGH
7.8 Jul 08

Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac

CVE-2026-57246 HIGH
7.8 Jul 08

Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr

CVE-2026-57248 HIGH
7.8 Jul 08

Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe

CVE-2026-57249 HIGH
7.8 Jul 08

Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application

CVE-2026-57251 HIGH
7.8 Jul 08

Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st

Share

EUVD-2026-42198 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy