Impact
Foxit PDF Editor and Reader allow JavaScript in PDF files to write annotation attributes without adequate object type and argument validation. This flaw corrupts the internal annotation structure, causing the application to crash when those annotations are released. The vulnerability results in an application crash, which constitutes a denial‑of‑service condition. The weakness corresponds to CWE‑763, Improper Release of Resource after Release.
Affected Systems
The affected vendors are Foxit Software Inc. The impacted products are Foxit PDF Editor and Foxit PDF Reader. No specific version information is supplied in the current advisory, so all released versions of these products may be vulnerable until a patch is issued.
Risk and Exploitability
The CVSS score is 7.8, indicating a high severity. No EPSS value is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild. The likely attack route is the delivery of a malicious PDF containing JavaScript that manipulates annotation attributes. If a user opens such a file, the flaw would be triggered, leading to a crash. Therefore, attackers could use this vulnerability to disrupt desktop users or automate denial‑of‑service attacks within an environment that trusts PDF files.
OpenCVE Enrichment