859 matches found
CVE-2026-57253
Technical details beyond the high-level description are not publicly available in the provided documents. Monitor for updates from Foxit security bulletins.
CVE-2026-57253 Foxit PDF Editor/Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...
CVE-2026-57252
CVE-2026-57252 affects Foxit PDF Editor/Reader when handling AcroForm operations during PDF loading—specifically during JavaScript-based page deletion and removal of attachment annotations. This triggers a use-after-free condition on invalid pointers within the attachment panel, causing the appli...
CVE-2026-57254 Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...
CVE-2026-57255 Security vulnerability in Foxit PDF Editor/Reader — OOB Read via NaN-Bypass Clamp
The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application...
CVE-2026-57255
CVE-2026-57255 affects Foxit PDF Editor/Reader. A PDF with an abnormal color space contains attributes referencing a semantically malformed function; the function’s output isn’t validated, leading to an illegal pointer read that accesses an out-of-bounds region and crashes the application. The de...
CVE-2026-57237 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...
CVE-2026-57247 Foxit PDF Editor/Reader Field Use-After-Free Vulnerability
The application re-enters the document structure via field processing and deletes the current page, and then continues using the field objects obtained before deletion, triggering an illegal read and crashing...
CVE-2026-57257 Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read
During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes...
CVE-2026-57257
CVE-2026-57257 impacts Foxit PDF Editor/Reader (PRC 3D BRep Renderer). During PRC parsing, there is a boundary-verification flaw for the PRC entity index, causing an out-of-bounds read of the entity array and resulting in a crash. CVSS: 6.1 (Local, Low attack complexity, User interaction required...
CVE-2026-57260 Security vulnerability in Foxit PDF Editor/Reader — U3D Adobe Mesh Decompression (Type Confusion / Invalid Pointer Dereference)
The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...
CVE-2026-57260
Technical details are not publicly available in the provided documents. Monitor for updates.
Foxit PDF Editor < 14.0.5 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 14.0.5. It is, therefore affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the...
Foxit PDF Editor < 2026.1.2 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 2026.1.2. It is, therefore affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the...
Foxit PDF Editor < 13.2.5 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 13.2.5. It is, therefore affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the...
CVE-2026-57532
Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin , according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites...
CVE-2026-5937 Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalidargument" exception, ultimately causing the program to terminate...
CVE-2026-5937
CVE-2026-5937 is associated with Foxit PDF Editor/Reader and is caused by insufficient parameter verification that can lead to format errors in files. This triggers an unhandled std::invalid_argument exception, which results in the application terminating (denial of service). The available docume...
CVE-2026-5938
CVE-2026-5938 affects Foxit PDF Editor/Reader. A crafted document action chain can trigger improper control flow, causing modal dialogs to reenter on the main thread and leading to a UI freeze/denial of service. The description indicates an infinite loop-like behavior related to the dialog handli...