High severityNVD Advisory· Published Aug 20, 2025· Updated Apr 15, 2026

CVE-2010-20010

Description

Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/foxit_title_bof.rbnvd
www.exploit-db.com/exploits/15514/nvd
www.exploit-db.com/exploits/15532nvd
www.exploit-db.com/exploits/16621nvd
www.foxit.com/pdf-reader/version-history.htmlnvd
www.vulncheck.com/advisories/foxit-pdf-reader-title-stack-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000