CVE-2026-57237
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor | Versions 2026.1.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 14.0.4 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 13.2.4 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 2026.1.1 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 14.0.3 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Editor | Versions 13.2.3 and earlier | affected |
| Foxit Software Inc. | Foxit PDF Reader | Versions 2026.1.1 and earlier | affected |
Weaknesses
- CWE-416: CWE-416 Use after free
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.