Impact
A PDF containing an abnormal color space invokes a semantically malformed function whose output is not validated. The function generates an illegal pointer; when the application later reads this value it performs an out‑of‑bounds memory read, leading to a crash. The flaw constitutes an out‑of‑bounds read (CWE‑125) and results in an application crash, which is a denial‑of‑service failure.
Affected Systems
The vulnerability affects Foxit Software Inc.’s PDF products, specifically Foxit PDF Editor and Foxit PDF Reader. No particular version range is provided in the advisory, so all releases that have not yet been confirmed patched should be considered at risk and reviewed.
Risk and Exploitability
With a CVSS score of 6.1 the vulnerability scores as moderate. No EPSS data or KEV listing is available. The flaw is exploitable when a user opens a malicious PDF file; the attacker does not gain elevated privileges or modify system state, but can cause the application to terminate. This user‑direct attack vector makes the risk contingent on the distribution of malicious PDFs, but the potential impact on service availability is clear.
OpenCVE Enrichment