Impact
The vulnerability is triggered when Foxit PDF Editor or Reader processes a PDF file containing a malformed PRC 3D stream. The parser incorrectly trusts the constructed file structure and assumes that the underlying array contains elements, leading to an out‑of‑bounds read. This read does not disclose data but crashes the application, resulting in a denial of service. The weakness corresponds to a buffer over‑read (CWE‑125). Foxit Software Inc.’s PDF Editor and PDF Reader products are affected. Version information is not disclosed in the advisory, so any installed instance could be vulnerable until a vendor‑issued patch or upgrade is applied. With a CVSS score of 6.1, the vulnerability falls into the moderate range. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known exploit activity. Attackers would need to supply a crafted PDF file to the vulnerable application, which is typically a local or remote user‑initiated action. Because the flaw only causes an application crash and does not provide code execution, the risk is limited to service disruption.
Affected Systems
Foxit Software Inc. Foxit PDF Editor and Foxit Software Inc. Foxit PDF Reader are affected. Version information is not available.
Risk and Exploitability
The CVSS score of 6.1 places this vulnerability in the moderate risk category. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying no widespread or known exploitation. Attackers would need to supply a crafted PDF file containing a malformed PRC 3D stream, so the threat vector is local or remote file opening. Because the vulnerability leads only to an application crash, it does not provide code execution or data disclosure, limiting the impact to service disruption.
OpenCVE Enrichment