Impact
The vulnerability arises during the parsing of PRC files in Foxit PDF applications, where a missing boundary check allows an out‑of‑bounds read of the PRC entity array. This causes the application to crash, resulting in a denial of service on the affected system. The weakness is a classic out‑of‑bounds read (CWE‑125). Since the flaw merely leads to a crash and does not expose data or enable code execution, it does not directly compromise confidentiality or integrity. It can, however, disrupt business processes if malicious PDFs are opened.
Affected Systems
Foxit Software Inc. products: Foxit PDF Editor and Foxit PDF Reader. Version information was not provided in the advisory, so all releases prior to a future update that addresses the issue remain vulnerable.
Risk and Exploitability
The CVSS score of 6.1 classifies this as a medium severity weakness. The EPSS metric is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known active exploitation has been reported. The most likely attack vector is an adversary supplying a specially crafted PDF that contains a malicious PRC section, which will be processed when a user opens the document. Because the fault causes a crash, the impact is limited to service disruption rather than remote code execution.
OpenCVE Enrichment