Description
The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application.
Published: 2026-07-08
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A PDF containing an abnormal color space invokes a semantically malformed function whose output is not validated. The function generates an illegal pointer; when the application later reads this value it performs an out‑of‑bounds memory read, leading to a crash. The flaw constitutes an out‑of‑bounds read (CWE‑125) and results in an application crash, which is a denial‑of‑service failure.

Affected Systems

The vulnerability affects Foxit Software Inc.’s PDF products, specifically Foxit PDF Editor and Foxit PDF Reader. No particular version range is provided in the advisory, so all releases that have not yet been confirmed patched should be considered at risk and reviewed.

Risk and Exploitability

With a CVSS score of 6.1 the vulnerability scores as moderate. No EPSS data or KEV listing is available. The flaw is exploitable when a user opens a malicious PDF file; the attacker does not gain elevated privileges or modify system state, but can cause the application to terminate. This user‑direct attack vector makes the risk contingent on the distribution of malicious PDFs, but the potential impact on service availability is clear.

Generated by OpenCVE AI on July 8, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Foxit PDF Editor and Foxit PDF Reader to the latest versions that contain the fixed color‑space handling logic.
  • Avoid opening PDFs from untrustworthy sources; consider disabling automatic execution of PDF content or using a sandbox viewer when dealing with unknown documents.
  • Regularly review Foxit’s security bulletins and apply any new patches or advisories as they become available.

Generated by OpenCVE AI on July 8, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Description The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application.
Title Security vulnerability in Foxit PDF Editor/Reader — OOB Read via NaN-Bypass Clamp
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-07-08T12:46:48.415Z

Reserved: 2026-06-24T03:01:18.718Z

Link: CVE-2026-57255

cve-icon Vulnrichment

Updated: 2026-07-08T12:46:42.465Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:15:04Z

Weaknesses