Foxit Software Inc. Foxit PDF Editor vulnerabilities

15 known vulnerabilities affecting foxit_software_inc./foxit_pdf_editor.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 12, MEDIUM 3

Vulnerabilities

CVE-2026-3774 | HIGH | CVSS 7.5 | Versions 2025.3 and earlier | 2026-04-01
CVE-2026-3774 [MEDIUM] CWE-200: The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script-driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under spe
Sources: cvelistv5, nvd
CVE-2026-3775 | HIGH | CVSS 7.8 | Versions 2025.3 and earlier | 2026-04-01
CVE-2026-3775 [HIGH] CWE-427: The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low-privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user-writable locations, a local attacker can place a malicious libra
Sources: cvelistv5, nvd
CVE-2026-3780 | HIGH | CVSS 7.3 | Versions 2025.3 and earlier; Versions 14.0.2 and earlier | 2026-04-01
CVE-2026-3780 [HIGH] CWE-426: The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalat
Sources: cvelistv5, nvd
CVE-2026-3779 | HIGH | CVSS 7.8 | Versions 2025.3 and earlier; Versions 14.0.2 and earlier; +1 more | 2026-04-01
CVE-2026-3779 [HIGH] CWE-416: The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
Sources: cvelistv5, nvd
CVE-2026-3776 | MEDIUM | CVSS 5.5 | Versions 2025.3 and earlier; Versions 14.0.2 and earlier; +1 more | 2026-04-01
CVE-2026-3776 [MEDIUM] CWE-476: The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference a
Sources: cvelistv5, nvd
CVE-2026-3777 | MEDIUM | CVSS 5.5 | Versions 2025.3 and earlier; Versions 14.0.2 and earlier; +1 more | 2026-04-01
CVE-2026-3777 [MEDIUM] CWE-416: The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under craft
Sources: cvelistv5, nvd
CVE-2026-3778 | MEDIUM | CVSS 6.2 | Versions 2025.3 and earlier; Versions 14.0.2 and earlier; +1 more | 2026-04-01
CVE-2026-3778 [MEDIUM] CWE-674: The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.
Sources: cvelistv5, nvd
CVE-2025-66499 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66499 [HIGH] CWE-190: A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
Sources: cvelistv5, nvd
CVE-2025-13941 | HIGH | CVSS 8.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-13941 [HIGH] CWE-732: A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which are later executed by the service, resulting in executio
Sources: cvelistv5, nvd
CVE-2025-66497 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66497 [MEDIUM] CWE-125: A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Sources: cvelistv5, nvd
CVE-2025-66494 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66494 [HIGH] CWE-416: A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code.
Sources: cvelistv5, nvd
CVE-2025-66498 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66498 [MEDIUM] CWE-125: A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Sources: cvelistv5, nvd
CVE-2025-66495 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66495 [HIGH] CWE-416: A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and macOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary code.
Sources: cvelistv5, nvd
CVE-2025-66496 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66496 [MEDIUM] CWE-125: A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Sources: cvelistv5, nvd
CVE-2025-66493 | HIGH | CVSS 7.8 | Versions 2025.2.1 and earlier; Versions 14.0.1 and earlier; +1 more | 2025-12-19
CVE-2025-66493 [HIGH] CWE-416: A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or dereferenced, potentially allowing a remote attacker to execute arbitrary
Sources: cvelistv5, nvd