Foxit PDF Reader and Foxit PDF Editor Heap-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in Foxit PDF Reader and Foxit PDF Editor. It arises in the PDF parsing component when the software processes specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size causes the issue, which could allow a remote attacker to execute arbitrary code.
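The bug class described above, shown as an added C illustration that is not Foxit's code: a 32-bit size calculation that wraps, beside a checked version a decoder can use before allocating. The function names, the 1-bit-per-pixel stride formula, the 64 MiB cap and the sample dimensions are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Unsafe pattern: 32-bit arithmetic wraps silently, so the returned size can
   be far smaller than the bitmap the decoder goes on to write. */
uint32_t naive_bitmap_size(uint32_t width, uint32_t height)
{
    uint32_t stride = (width + 7) / 8;  /* assumed 1 bpp rows; wraps near UINT32_MAX */
    return stride * height;             /* wraps once the product reaches 2^32 */
}

/* Hardened pattern: widen to 64 bits, then enforce an explicit upper bound.
   Returns 0 and stores the size on success, -1 if the dimensions are rejected. */
int checked_bitmap_size(uint32_t width, uint32_t height,
                        size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    uint64_t stride = ((uint64_t)width + 7) / 8;  /* at most 2^29, cannot wrap */
    uint64_t total = stride * (uint64_t)height;   /* below 2^61, cannot wrap */
    if (total > max_bytes)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate only after the size has been validated. */
uint8_t *alloc_bitmap(uint32_t width, uint32_t height,
                      size_t max_bytes, size_t *size)
{
    if (checked_bitmap_size(width, height, max_bytes, size) != 0)
        return NULL;
    return calloc(1, *size);
}

int main(void)
{
    /* Constructed dimensions: stride 0x2000 * height 0x80000 == 2^32. */
    uint32_t w = 0x10000, h = 0x80000;
    size_t size = 0;
    uint8_t *bmp = alloc_bitmap(w, h, (size_t)64 << 20, &size);
    printf("naive size: %u bytes\n", (unsigned)naive_bitmap_size(w, h));
    printf("checked allocation: %s\n", bmp ? "allowed" : "rejected");
    free(bmp);
    return 0;
}
```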

Impact

Exploitation of this vulnerability could lead to a crash of the application and allow for arbitrary code execution.

Remediation

Users can update to Foxit PDF Reader 2025.3 or Foxit PDF Editor 2025.3/14.0.2/13.2.2. Instructions for updating or downloading the latest versions are available on the Foxit website.

Added: Dec 19, 2025, 7:17 AM
Updated: Dec 19, 2025, 7:17 AM

Vulnerability Rating

Custom Algorithm

Spread: 8.4
Impact: 10.0
Exploitability: 4.4
Remediation: 7.7
Relevance: 1.4
Threat: 0.0
Urgency: 2.9
Incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.