Impact
Foxit PDF Editor and Reader allow a cloud‑like rendering process to grow an internal array without bounding or consistency checks. A maliciously crafted PDF can trigger an out‑of‑bounds array write that causes the application to crash. The vulnerability does not provide a direct code‑execution path, but can be leveraged to disrupt the user’s workflow and potentially write arbitrary memory if additional unprotected writes exist.
Affected Systems
Foxit Software Inc. products: Foxit PDF Editor and Foxit PDF Reader. No specific impacted versions are listed by the CNA; users should ensure the most recent release is in use.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity for local impact. Because the attack vector requires a user to open a malicious PDF file, the risk is highest on machines that frequently process untrusted documents. EPSS information is not available, and the vulnerability is not in the CISA KEV catalog, suggesting no known widespread exploitation at this time.
OpenCVE Enrichment