CVE-2025-66499
published 2025-12-19CVE-2025-66499: A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | pdf_editor | <= 13.2.1.23955 | — |
| foxit | pdf_editor | <= 13.2.1.63315 | — |
| foxit | pdf_editor | 14.0.0.33046 – 14.0.1.33197 | — |
| foxit | pdf_editor | 14.0.0.33046 – 14.0.1.69005 | — |
| foxit | pdf_editor | 2023.1.0.15510 – 2023.3.0.23028 | — |
| foxit | pdf_editor | 2023.1.0.15510 – 2023.3.0.63083 | — |
| foxit | pdf_editor | 2024.1.0.23997 – 2024.4.1.27687 | — |
| foxit | pdf_editor | 2024.1.0.23997 – 2024.4.1.66479 | — |
| foxit | pdf_editor | 2025.1.0.27937 – 2025.2.1.33197 | — |
| foxit | pdf_editor | 2025.1.0.27937 – 2025.2.1.69005 | — |
| foxit | pdf_reader | <= 2025.2.1.33197 | — |
| foxit | pdf_reader | <= 2025.2.1.69005 | — |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_editor | — | — |
| foxit_software_inc | foxit_pdf_reader | — | — |
| foxit_software_inc | foxit_pdf_reader | — | — |
| foxit_software_inc | foxit_pdf_reader | — | — |