CVE-2026-5942 Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability

Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...

CVE-2026-5942

CVE-2026-5942 affects Foxit PDF Editor/Reader with an AcroForm Signature Use-After-Free vulnerability. Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the applicat...

CVE-2026-5942 Foxit PDF Editor/Reader AcroForm Signature Use-After-Free Vulnerability

Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...

CVE-2026-5943 Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...

CVE-2026-5943

Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free vulnerability (CVE-2026-5943) is described as a remote code execution flaw caused by document structural anomalies that cause invalid pointer access when querying page information after scripts modify the document. The affected component ...

CVE-2026-5943 Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...

CVE-2026-5941 Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...

CVE-2026-5941 Foxit PDF Editor/Reader AcroForm Signature Remote Code Execution Vulnerability

Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...

CVE-2026-5941

CVE-2026-5941 affects Foxit PDF Editor/Reader, specifically the AcroForm Signature processing. The issue is a parsing logic flaw where non-signature data can be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes...

Foxit PDF Reader AcroForm Signature Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Foxit PDF Reader AcroForm Signature Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Exploit for Improper Encoding or Escaping of Output in Parall Jspdf

CVE-2026-25940 jsPDF PoC A proof-of-concept for CVE-2026-2594...

CVE-2026-25940

A flaw was found in jsPDF. The properties and methods of the Acroform module accept user input without sanitization, allowing an attacker to inject arbitrary PDF objects, such as JavaScript actions. Specifically, if an attacker can supply a specially crafted input to the...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which i...

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by...

jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

Impact User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which a...

GHSA-P5XG-68WR-HM3M jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

Impact User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which a...

CVE-2026-25940

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...

CVE-2026-25940

CVE-2026-25940 affects jsPDF prior to 4.2.0 via the AcroForm module. Attackers could abuse RadioButton.createOption and the AS property to inject arbitrary PDF objects, including JavaScript actions, executed when a user hovers a radio option. The issue is fixed in jsPDF 4.2.0; apply the update or...

CVE-2026-25940 jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user ca...