Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
AV:L and UI:R reflect file-open delivery; PR:N as no attacker privileges needed; A:H for reliable crash; C:L for incidental out-of-bounds read disclosure.
Primary rating from Vendor (Foxit).
CVSS VectorVendor: Foxit
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing.
AnalysisAI
Out-of-bounds read in Foxit PDF Reader and PDF Editor allows a local attacker to crash the application and potentially disclose limited memory contents by delivering a specially crafted PDF containing a malformed image object. The vulnerability triggers when the renderer encounters an abnormal image object, causes it to enter an incorrect processing branch, and subsequently dereferences an invalid buffer pointer during scan line conversion. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The victim must open a specially crafted PDF file containing a malformed image object using Foxit PDF Reader or Foxit PDF Editor on an affected version branch (Reader ≤ 2026.1.1; Editor ≤ 2026.1.1, ≤ 14.0.4, or ≤ 13.2.4). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.1 (Medium) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H accurately captures the constrained attack surface: exploitation requires the victim to open a locally-accessible file, and no privileges are required of the attacker, but user interaction is mandatory. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a PDF document embedding a malformed image object with abnormal metadata designed to direct the Foxit renderer into the vulnerable processing branch. The file is delivered to a target via email attachment or a file-sharing link, and when the victim opens it in Foxit PDF Reader or Editor, the renderer dereferences an invalid scan line buffer pointer, immediately crashing the application. … |
| Remediation | Consult the Foxit security bulletins page at https://www.foxit.com/support/security-bulletins.html for patched release versions for each affected branch - the input data does not supply explicit fixed version numbers beyond identifying 2026.1.1, 14.0.4, and 13.2.4 as the last affected versions, so the next incremental release in each branch should be applied. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Foxit Pdf Editor
View allUse-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor lets a crafted PDF containing JavaScript trigg
Use-after-free memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1/14.0.4 and earlier) allows
Denial-of-service (and potential memory-corruption) in Foxit PDF Editor (≤14.0.4 / ≤13.2.4 / ≤2026.1.1) and Foxit PDF Re
Denial-of-service in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1 and earlier) occurs when a victim opens a
Memory corruption in Foxit PDF Reader and Foxit PDF Editor (versions 2026.1.1, 13.2.4, 14.0.4 and earlier) allows attack
Memory corruption in Foxit PDF Reader and Foxit PDF Editor allows a crafted PDF to trigger a use-after-free through the
Use-after-free memory corruption in Foxit PDF Reader (2026.1.1 and earlier) and Foxit PDF Editor (through 14.0.4, 13.2.4
Memory corruption in Foxit PDF Reader (≤2026.1.1) and Foxit PDF Editor (≤14.0.4, ≤13.2.4, and ≤2026.1.1) allows an attac
Memory-corruption (buffer overflow) in Foxit PDF Reader and Foxit PDF Editor arises when the digital-signature plugin pr
Memory-corruption crash (and potential code execution) in Foxit PDF Reader and Foxit PDF Editor occurs when a PDF's embe
Use-after-free memory corruption in Foxit PDF Editor and Foxit PDF Reader allows a crafted PDF to crash the application
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-st
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42201
GHSA-p7jh-5fj9-qv9q