Foxit PDF Reader and Editor Out-of-Bounds Read Vulnerability Leading to Memory Corruption and Arbitrary Code Execution
Vulnerability
A vulnerability exists in Foxit PDF Reader and Foxit PDF Editor for Windows, affecting versions prior to 13.2 and 2025 releases prior to 2025.2. The issue arises when pages in a PDF are deleted via JavaScript and the application fails to update its internal state correctly. The stale state leads to a dereference of invalid or released memory, which can result in memory corruption and application crashes and potentially allow an attacker to execute arbitrary code.
Impact
Exploitation of this vulnerability can cause memory corruption and application crashes, with a potential for arbitrary code execution.
Remediation
Users can update to Foxit PDF Reader 2025.2.1 or Foxit PDF Editor 2025.2.1/14.0.1/13.2.1. Instructions for updating are available on the Foxit website.
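For triaging inbound PDFs while the update is being rolled out, the following added example (not part of the original advisory and not Foxit's code) flags files that embed JavaScript and reference page deletion. It assumes the script reaches page deletion through the Acrobat-style `deletePages` document method, which the advisory does not name; the function names and the sample fragment are constructed for illustration.

```python
import re
import sys
import zlib

JS_KEYS = (b"/JavaScript", b"/JS")       # PDF name objects that introduce script actions
PAGE_DELETE_API = b"deletePages"         # assumed API name; the advisory does not name it
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def decoded_views(data):
    """Yield the raw bytes, then every stream body that inflates as zlib/Flate."""
    yield data
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates trailing bytes or a clipped checksum
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate (image data, other filters, encrypted content)

def triage(data):
    """Return 'review', 'javascript' or 'no-javascript' for one PDF's bytes."""
    views = list(decoded_views(data))
    has_js = any(key in view for view in views for key in JS_KEYS)
    deletes_pages = any(PAGE_DELETE_API in view for view in views)
    if has_js and deletes_pages:
        return "review"        # script plus page deletion: hold for analysis
    if has_js:
        return "javascript"    # script present, no page-deletion reference seen
    return "no-javascript"

def build_sample(script):
    """Constructed PDF fragment (not a real document) carrying one Flate stream."""
    body = zlib.compress(script)
    return b"".join([
        b"%PDF-1.7\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Filter /FlateDecode /Length ", str(len(body)).encode(),
        b" >>\nstream\n", body, b"\nendstream\nendobj\n",
    ])

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, triage(handle.read()))
```

A `no-javascript` result does not prove a file is safe: encrypted documents, non-Flate filters and hex-escaped names such as `/J#53` are not decoded here.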
