Description
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.
Published: 2026-07-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability arises when a PDF containing an abnormal annotation that references other objects is parsed by Foxit PDF Editor or Foxit PDF Reader. Because the application does not perform proper type checking on the annotation, a malformed PDF can cause the program to crash. The failure to validate the annotation type maps to CWE-843. The resulting crash leads to a denial‑of‑service condition where the victim’s PDF viewer becomes unavailable.

Affected Systems

The issue affects both Foxit PDF Editor and Foxit PDF Reader, products distributed by Foxit Software Inc. No specific version range is listed in the advisory, implying that all released versions may be affected until a patch is applied.

Risk and Exploitability

The CVSS score of 7.8 classifies the flaw as high‑severity. Although the EPSS score is not published, the lack of listed KEV status suggests no widespread exploitation yet, yet attackers could still deliver malicious PDFs via email or the web, exploiting local user interaction to trigger the crash. Because the effect is only a crash, there is no direct code execution, but the high severity coupled with the ease of delivery makes it a significant risk for environments that rely on Foxit for document handling.

Generated by OpenCVE AI on July 8, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest security patch for Foxit PDF Editor and Foxit PDF Reader from the official Foxit support site.
  • Enable automatic updates for Foxit products so that future patches are applied automatically.
  • Restrict PDF opening privileges for untrusted users and employ email or web gateway filtering to block or quarantine suspicious PDFs.

Generated by OpenCVE AI on July 8, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Description There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash.
Title Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability
Weaknesses CWE-843
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-07-08T12:46:02.325Z

Reserved: 2026-06-24T03:01:18.718Z

Link: CVE-2026-57254

cve-icon Vulnrichment

Updated: 2026-07-08T12:45:58.726Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:15:04Z

Weaknesses
  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')