PDF Reader
CVEs (473)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-66497 | 0.00 | — | 0.00 | Dec 19, 2025 | A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting… | |||
| CVE-2025-66496 | 0.00 | — | 0.00 | Dec 19, 2025 | A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting… | |||
| CVE-2025-66495 | 0.00 | — | 0.00 | Dec 19, 2025 | A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or… | |||
| CVE-2025-66494 | 0.00 | — | 0.00 | Dec 19, 2025 | A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute… | |||
| CVE-2025-66493 | 0.00 | — | 0.00 | Dec 19, 2025 | A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed… | |||
| CVE-2025-55314 | 0.00 | — | 0.00 | Dec 11, 2025 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states… | |||
| CVE-2025-55307 | 0.00 | — | 0.00 | Dec 11, 2025 | An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing… | |||
| CVE-2025-55312 | 0.00 | — | 0.00 | Dec 11, 2025 | An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid,… | |||
| CVE-2025-59802 | 0.00 | — | 0.00 | Dec 11, 2025 | Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF… | |||
| CVE-2025-59803 | 0.00 | — | 0.00 | Dec 11, 2025 | Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the… | |||
| CVE-2025-55313 | 0.00 | — | 0.00 | Dec 11, 2025 | An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after… | |||
| CVE-2025-9330 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute… | |||
| CVE-2025-9323 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in… | |||
| CVE-2025-9324 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in… | |||
| CVE-2025-9325 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in… | |||
| CVE-2025-9326 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2025-9327 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in… | |||
| CVE-2025-9328 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2025-9329 | 0.00 | — | 0.00 | Sep 2, 2025 | Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the… | |||
| CVE-2024-12753 | 0.00 | — | 0.00 | Dec 30, 2024 | Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system… |
- CVE-2025-66497Dec 19, 2025risk 0.00cvss —epss 0.00
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…
- CVE-2025-66496Dec 19, 2025risk 0.00cvss —epss 0.00
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting…
- CVE-2025-66495Dec 19, 2025risk 0.00cvss —epss 0.00
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed or…
- CVE-2025-66494Dec 19, 2025risk 0.00cvss —epss 0.00
A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute…
- CVE-2025-66493Dec 19, 2025risk 0.00cvss —epss 0.00
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1 on Windows . When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been freed may be accessed…
- CVE-2025-55314Dec 11, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states…
- CVE-2025-55307Dec 11, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query() with a crafted cDIPath parameter (e.g., "/") may cause an out-of-bounds read in internal path-parsing…
- CVE-2025-55312Dec 11, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid,…
- CVE-2025-59802Dec 11, 2025risk 0.00cvss —epss 0.00
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF…
- CVE-2025-59803Dec 11, 2025risk 0.00cvss —epss 0.00
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the…
- CVE-2025-55313Dec 11, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after…
- CVE-2025-9330Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute…
- CVE-2025-9323Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…
- CVE-2025-9324Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…
- CVE-2025-9325Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…
- CVE-2025-9326Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…
- CVE-2025-9327Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in…
- CVE-2025-9328Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…
- CVE-2025-9329Sep 2, 2025risk 0.00cvss —epss 0.00
Foxit PDF Reader PRC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the…
- CVE-2024-12753Dec 30, 2024risk 0.00cvss —epss 0.00
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system…
Page 4 of 24