10282 matches found
CVE-2026-13126 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...
CVE-2026-13126
CVE-2026-13126 affects Foxit PDF Editor/Reader due to a use-after-free in the handling of PDF annotations (embedded JavaScript). The issue can lead to a crash when the application attempts to write to an invalid popup annotation object, as described in the CVE description. CVSS 3.1 metrics indica...
CVE-2026-13127 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash...
CVE-2026-13127
CVE-2026-13127 concerns Foxit PDF Editor/Reader annotation handling. The description states that when opening a PDF, JavaScript rewrites the document to modify page structure, causing page objects to become invalid; thumbnails still reference the invalid objects, leading to a crash. The CVSS 3.1 ...
CVE-2026-13128 Foxit PDF Editor/Reader Doc Object Use-After-Free Remote Code Execution Vulnerability
Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...
CVE-2026-13128
CVE-2026-13128 affects Foxit PDF Editor/Reader with a use-after-free in the Doc Object when embedding JavaScript in a PDF, leading to application crash and potential remote code execution. The vulnerability impacts the document view’s properties after the page is deleted, enabling continued acces...
CVE-2026-57239 Foxit PDF Editor/Reader Local Privilege Escalation
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-57239
Foxit CVE-2026-57239 is a Local Privilege Escalation in Foxit PDF Editor/Reader where user‑controllable executables can be directly executed by high‑privilege processes, enabling a low‑privilege user to escalate to NT AUTHORITY\SYSTEM. CVSS 3.1 base score 8.2 (HIGH) with LOCAL attack vector, LOW ...
CVE-2026-57240 Foxit PDF Editor/Reader Form Field Use-After-Free Remote Code Execution Vulnerability
When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...
CVE-2026-57240
CVE-2026-57240 affects Foxit PDF Editor/Reader: when opening a PDF, if JavaScript deletes form fields, the app may still reference old field pointers, causing a use-after-free and crash. The CVSS/metrics indicate a HIGH impact with local access, requiring user interaction. No explicit exploit det...
CVE-2026-13129 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...
CVE-2026-13129
CVE-2026-13129 affects Foxit PDF Editor/Reader (Annotation feature). The issue is a use-after-free in the handling of the PDF form field tree triggered by JavaScript during field traversal, which can leave the program with an invalid form object and lead to a crash, with potential remote code exe...
CVE-2026-57238 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...
CVE-2026-57238
CVE-2026-57238 concerns Foxit PDF Editor/Reader, specifically an annotation use-after-free issue that enables a remote code execution vulnerability. The description states that after opening a PDF, JavaScript deletes a form field object; subsequently, the application accesses the invalid object, ...
CVE-2026-57241 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...
CVE-2026-57241
CVE-2026-57241 affects Foxit PDF Editor/Reader. The issue arises when opening a PDF where JavaScript operations on the page/document desynchronize page-related objects, yet the renderer trusts an outdated page count, leading to an out-of-bounds access and application crash. CVSSv3.1 metrics indic...
CVE-2026-57242 Foxit PDF Editor/Reader Page Use-After-Free Vulnerability
The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...
CVE-2026-57242
Technical details are not publicly available in the provided documents for CVE-2026-57242; monitor Foxit security bulletins for updates on affected products, versions, impact, and remediation.
CVE-2026-57243 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash...
CVE-2026-57243
CVE-2026-57243 affects Foxit PDF Editor/Reader. A JavaScript reentrancy during page opening and form formatting leads to an inconsistent document status and, with outdated page information, the application accesses invalid addresses, causing a crash. Current details describe the vulnerable operat...