CVE-2025-66499

Summary

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF ReaderVersions 2025.2.1 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 14.0.1 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 13.2.1 and earileraffected
Foxit Software Inc.Foxit PDF EditorVersions 2025.2.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 13.2.1 and earileraffected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References