CVE-2026-57248

Summary

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release.

Affected Software

VendorProductVersion RangeStatus
Foxit Software Inc.Foxit PDF EditorVersions 2026.1.1 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 14.0.4 and earlieraffected
Foxit Software Inc.Foxit PDF EditorVersions 13.2.4 and earlieraffected
Foxit Software Inc.Foxit PDF ReaderVersions 2026.1.1 and earlieraffected

Weaknesses

  • CWE-763: CWE-763 Release of invalid pointer or reference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References