Description
The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes.
Published: 2026-07-08
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is triggered when Foxit PDF Editor or Reader processes a PDF file containing a malformed PRC 3D stream. The parser incorrectly trusts the constructed file structure and assumes that the underlying array contains elements, leading to an out‑of‑bounds read. This read does not disclose data but crashes the application, resulting in a denial of service. The weakness corresponds to a buffer over‑read (CWE‑125). Foxit Software Inc.’s PDF Editor and PDF Reader products are affected. Version information is not disclosed in the advisory, so any installed instance could be vulnerable until a vendor‑issued patch or upgrade is applied. With a CVSS score of 6.1, the vulnerability falls into the moderate range. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known exploit activity. Attackers would need to supply a crafted PDF file to the vulnerable application, which is typically a local or remote user‑initiated action. Because the flaw only causes an application crash and does not provide code execution, the risk is limited to service disruption.

Affected Systems

Foxit Software Inc. Foxit PDF Editor and Foxit Software Inc. Foxit PDF Reader are affected. Version information is not available.

Risk and Exploitability

The CVSS score of 6.1 places this vulnerability in the moderate risk category. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying no widespread or known exploitation. Attackers would need to supply a crafted PDF file containing a malformed PRC 3D stream, so the threat vector is local or remote file opening. Because the vulnerability leads only to an application crash, it does not provide code execution or data disclosure, limiting the impact to service disruption.

Generated by OpenCVE AI on July 8, 2026 at 15:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Foxit PDF Editor or Reader update once a vendor‑issued patch is available.
  • Configure the system or application to block opening of PDFs from untrusted sources until a fix is released.
  • Monitor application crash logs and apply any subsequent patches as soon as they are issued.

Generated by OpenCVE AI on July 8, 2026 at 15:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Jul 2026 08:30:00 +0000

Type Values Removed Values Added
Description The PRC file header parsing logic trusts the constructed file structure description information, assumes that the underlying array contains elements and reads them, leading to out-of-bounds reads and application crashes.
Title Foxit PDF Editor/Reader Crash via Malformed PRC 3D Stream
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-07-08T12:40:12.497Z

Reserved: 2026-06-24T03:01:24.249Z

Link: CVE-2026-57258

cve-icon Vulnrichment

Updated: 2026-07-08T12:40:09.160Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:15:04Z

Weaknesses