Foxit Products Improper Input Validation Vulnerability Leading to Memory Corruption and Crashes
Vulnerability
A vulnerability exists in Foxit PDF Reader and Foxit PDF Editor for Windows, specifically in versions prior to 2026.1.0.36452, 2025.3.0.35737, 2024.4.1.27687, 2023.3.0.23028, 14.0.3.335002, 13.2.3.24041 and earlier. This vulnerability arises from parsing logic flaws that cause non-signature data to be incorrectly recognized as valid signatures when processing malformed form field hierarchies. This misidentification leads to invalid memory writes and program crashes during the construction of internal data structures. Attackers could exploit this vulnerability to execute arbitrary code.
Impact
Exploitation of this vulnerability could result in memory corruption, causing program crashes and potentially allowing for arbitrary code execution.
Remediation
Users can update to Foxit PDF Reader 2026.1.1 or Foxit PDF Editor 2026.1.1/14.0.4. Instructions for updating are available on the Foxit website.
