Foxit Products Uncaught Exception and Insufficient Control Flow Management Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability exists in Foxit PDF Reader and Foxit PDF Editor for Windows, specifically in versions prior to 2026.1.1, 2025.3.0.35737, 2024.4.1.27687, 2023.3.0.23028, 14.0.3.335002, and 13.2.3.24041. This vulnerability is caused by insufficient parameter validation, which leads to format errors in files. These errors trigger an unhandled 'std::invalid_argument' exception, causing the program to crash. Additionally, improper control flow management can allow a crafted document action chain to disrupt the application's main thread, creating further stability issues.
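The failure mode described above, shown as an added C++ example that is not Foxit's code or taken from the original advisory: a throwing parser with no handler, next to a validated parse and a boundary guard. It assumes `std::stoi` as one standard-library call that throws `std::invalid_argument` (the advisory does not say which call is involved); the function names, the 0 to 4096 range and the sample values are hypothetical.

```cpp
#include <charconv>
#include <iostream>
#include <optional>
#include <stdexcept>
#include <string>
#include <string_view>

// Fragile pattern: std::stoi throws std::invalid_argument when the text has no
// leading digits (and std::out_of_range on overflow). With no handler on the
// call path, the exception ends in std::terminate and the process aborts.
int parse_param_unchecked(const std::string& field) {
    return std::stoi(field);
}

// Hardened pattern: parse without exceptions, require the whole field to be
// numeric, enforce a range, and report failure as a value.
std::optional<int> parse_param_checked(std::string_view field, int lo, int hi) {
    int value = 0;
    const char* first = field.data();
    const char* last = first + field.size();
    const auto res = std::from_chars(first, last, value);
    if (res.ec != std::errc{} || res.ptr != last) return std::nullopt;
    if (value < lo || value > hi) return std::nullopt;
    return value;
}

// Boundary guard for code that still calls throwing parsers: turn any
// exception into a rejected document instead of letting it escape.
bool load_field_guarded(const std::string& field, int& out) {
    try {
        out = parse_param_unchecked(field);
        return true;
    } catch (const std::exception&) {
        return false;
    }
}

int main() {
    // Constructed sample field values, not taken from any real document.
    const char* samples[] = {"12", "", "abc", "12abc", "99999999999", "-5"};
    for (const char* s : samples) {
        int guarded = 0;
        const bool ok = load_field_guarded(s, guarded);
        const auto checked = parse_param_checked(s, 0, 4096);
        std::cout << '"' << s << "\" guarded=" << (ok ? "ok" : "rejected")
                  << " checked=" << (checked ? "ok" : "rejected") << '\n';
    }
}
```

The guard alone still accepts "12abc" and "-5", because `std::stoi` stops at the first non-digit and allows a sign; only the checked parse rejects them.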

Impact

Exploitation of this vulnerability can cause the application to crash or freeze, disrupting normal user activities. This behavior can be leveraged to launch a denial-of-service attack, causing prolonged unavailability of the application.

Remediation

Users can update to Foxit PDF Reader 2026.1.1 or Foxit PDF Editor 2026.1.1/14.0.4. Instructions for updating are available on the Foxit website. For Foxit PDF Editor versions 13.2.4 and 14.0.3, and for the Mac versions of Foxit PDF Editor and Foxit PDF Reader, the latest versions can also be downloaded from the Foxit website.

Added: Apr 27, 2026, 12:24 PM
Updated: Apr 27, 2026, 12:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.