Filtered by vendor Foxitsoftware Subscriptions
Filtered by product Foxit Reader Subscriptions
Total 420 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-57242 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash.
CVE-2026-57241 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 6.1 Medium
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access.
CVE-2026-57238 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash.
CVE-2026-13129 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer.
CVE-2026-57240 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.
CVE-2026-13128 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application.
CVE-2026-13127 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
The application opens the PDF file. JavaScript then rewrites the document to modify the page structure, resulting in the invalidation of the page objects. However, the thumbnails still use the invalid page objects, ultimately causing the application to crash.
CVE-2026-13126 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 7.8 High
The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing.
CVE-2013-10068 3 Foxit, Foxit Software, Foxitsoftware 3 Reader, Reader, Foxit Reader 2026-05-25 N/A
Foxit Reader versions through 5.4.5.0114, including the bundled Foxit Reader Plugin 2.2.1.530, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a remote host, an overly long query string in the URL can overflow a buffer, allowing remote attackers to execute arbitrary code.
CVE-2026-5937 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 5.5 Medium
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
CVE-2026-5938 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 5.5 Medium
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
CVE-2026-5939 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 5.5 Medium
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
CVE-2026-5940 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 7.8 High
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
CVE-2026-5941 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 7.8 High
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
CVE-2026-5942 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 5.5 Medium
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
CVE-2026-5943 2 Foxit, Foxitsoftware 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more 2026-04-29 7.8 High
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
CVE-2026-3779 4 Apple, Foxit, Foxitsoftware and 1 more 6 Macos, Pdf Editor, Pdf Reader and 3 more 2026-04-28 7.8 High
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
CVE-2026-3780 3 Foxit, Foxitsoftware, Microsoft 5 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 2 more 2026-04-28 7.3 High
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
CVE-2008-1104 1 Foxitsoftware 1 Foxit Reader 2026-04-23 N/A
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
CVE-2009-0191 1 Foxitsoftware 1 Foxit Reader 2026-04-23 N/A
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.