CVE-2026-57243

Summary

During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF EditorVersions 2026.1.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.4 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 13.2.4 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 2026.1.1 and earlieraffected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References