Foxit PDF Reader PRC File Parsing Out-of-Bounds Read Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Foxit PDF Reader versions 2025.1.0.27937 and earlier for Windows, as well as in Foxit PDF Editor for Mac versions 2025.1.0.66692 and earlier. This vulnerability arises from an out-of-bounds read issue when parsing PRC files, where improper validation of user-supplied data allows reading beyond the allocated buffer. Exploitation of this vulnerability requires user interaction, such as opening a malicious file or visiting a harmful webpage.

Impact

Exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system, with the executed code running in the context of the current process.

Remediation

Foxit has released updates to address this vulnerability. Users can download the latest version of Foxit PDF Reader from the Foxit website or update through the application's built-in update feature. For Foxit PDF Editor, the updated version is also available on the Foxit website or through the application's update function.