Description
During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes.
Published: 2026-07-08
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises during the parsing of PRC files in Foxit PDF applications, where a missing boundary check allows an out‑of‑bounds read of the PRC entity array. This causes the application to crash, resulting in a denial of service on the affected system. The weakness is a classic out‑of‑bounds read (CWE‑125). Since the flaw merely leads to a crash and does not expose data or enable code execution, it does not directly compromise confidentiality or integrity. It can, however, disrupt business processes if malicious PDFs are opened.

Affected Systems

Foxit Software Inc. products: Foxit PDF Editor and Foxit PDF Reader. Version information was not provided in the advisory, so all releases prior to a future update that addresses the issue remain vulnerable.

Risk and Exploitability

The CVSS score of 6.1 classifies this as a medium severity weakness. The EPSS metric is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known active exploitation has been reported. The most likely attack vector is an adversary supplying a specially crafted PDF that contains a malicious PRC section, which will be processed when a user opens the document. Because the fault causes a crash, the impact is limited to service disruption rather than remote code execution.

Generated by OpenCVE AI on July 8, 2026 at 15:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Foxit’s security bulletin page for any available patch or update for Foxit PDF Editor and Reader.
  • Upgrade to the latest version of the affected product once a fix is released.
  • Avoid opening PDF files from untrusted or unknown sources and configure the application to use a sandboxed or restricted mode if possible.

Generated by OpenCVE AI on July 8, 2026 at 15:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Description During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes.
Title Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-07-08T12:39:33.187Z

Reserved: 2026-06-24T03:01:24.249Z

Link: CVE-2026-57257

cve-icon Vulnrichment

Updated: 2026-07-08T12:39:30.149Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:15:04Z

Weaknesses