CVE-2026-13127
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor | Versions 2026.1.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 14.0.4 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 13.2.4 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Reader | Versions 2026.1.1 and earlier | affected |
Weaknesses
- CWE-416: CWE-416 Use after free
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.