CVE-2026-57246

Summary

When dealing with abnormally constructed objects, there is a lack of argument validation; JavaScript triggers signature verification, but the signature plugin does not perform validation when copying the abnormal string, causing the application to crash.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF EditorVersions 2026.1.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.4 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 13.2.4 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 2026.1.1 and earlieraffected

Weaknesses

  • CWE-120: Buffer Copy without Checking Size of Input (CWE-120)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References