CVE-2025-66499
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Reader | Versions 2025.2.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Reader | Versions 14.0.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Reader | Versions 13.2.1 and eariler | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 2025.2.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 14.0.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 13.2.1 and eariler | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.