Description
The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application.
Published: 2026-07-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Foxit PDF Editor and Reader allow a cloud‑like rendering process to grow an internal array without bounding or consistency checks. A maliciously crafted PDF can trigger an out‑of‑bounds array write that causes the application to crash. The vulnerability does not provide a direct code‑execution path, but can be leveraged to disrupt the user’s workflow and potentially write arbitrary memory if additional unprotected writes exist.

Affected Systems

Foxit Software Inc. products: Foxit PDF Editor and Foxit PDF Reader. No specific impacted versions are listed by the CNA; users should ensure the most recent release is in use.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity for local impact. Because the attack vector requires a user to open a malicious PDF file, the risk is highest on machines that frequently process untrusted documents. EPSS information is not available, and the vulnerability is not in the CISA KEV catalog, suggesting no known widespread exploitation at this time.

Generated by OpenCVE AI on July 8, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Foxit PDF Editor or Reader release containing the fix for this buffer overflow
  • If a patch is unavailable, avoid opening PDFs from untrusted or unknown sources until the vendor issues a correction
  • Regularly check Foxit’s security bulletins at https://www.foxit.com/support/security-bulletins.html for update announcements

Generated by OpenCVE AI on July 8, 2026 at 15:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Description The application opens a PDF, but the cloud-like appearance of the construction process lacks proper setting of an upper limit and consistency checks. Out-of-bounds access to the underlying array is exposed, ultimately leading to a crash of the application.
Title Foxit PDF Editor/Reader Cloud Appearance Buffer Overflow Vulnerability
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-07-08T12:41:07.653Z

Reserved: 2026-06-24T03:01:18.717Z

Link: CVE-2026-57251

cve-icon Vulnrichment

Updated: 2026-07-08T12:40:57.720Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:15:04Z

Weaknesses
  • CWE-129

    Improper Validation of Array Index