Impact
This vulnerability arises when a PDF containing an abnormal annotation that references other objects is parsed by Foxit PDF Editor or Foxit PDF Reader. Because the application does not perform proper type checking on the annotation, a malformed PDF can cause the program to crash. The failure to validate the annotation type maps to CWE-843. The resulting crash leads to a denial‑of‑service condition where the victim’s PDF viewer becomes unavailable.
Affected Systems
The issue affects both Foxit PDF Editor and Foxit PDF Reader, products distributed by Foxit Software Inc. No specific version range is listed in the advisory, implying that all released versions may be affected until a patch is applied.
Risk and Exploitability
The CVSS score of 7.8 classifies the flaw as high‑severity. Although the EPSS score is not published, the lack of listed KEV status suggests no widespread exploitation yet, yet attackers could still deliver malicious PDFs via email or the web, exploiting local user interaction to trigger the crash. Because the effect is only a crash, there is no direct code execution, but the high severity coupled with the ease of delivery makes it a significant risk for environments that rely on Foxit for document handling.
OpenCVE Enrichment