Impact
The vulnerability arises when embedded JavaScript deletes pages, leaving annotations invalid. The application then attempts to write to these invalid annotations, causing a crash. The use‑after‑free can be exploited by a crafted PDF, potentially allowing remote code execution, as indicated by the vendor’s classification.
Affected Systems
Foxit PDF Editor and Foxit PDF Reader. No specific version information is provided by the known CNA.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. No EPSS score is available, so the likelihood of exploitation is unknown. The vulnerability is not listed in CISA KEV. The attack vector is inferred to be local via a malicious PDF file supplied to the user or system.
OpenCVE Enrichment