Impact
The vulnerability stems from a type confusion in Foxit’s U3D Adobe Mesh Decompression routine. During the parsing of an abnormal Unity 3D object, the editor mistakenly treats part of the object as a pointer and dereferences it as a valid address. This leads to an invalid memory access that crashes the application. The primary impact is a denial‑of‑service condition, as users cannot continue working with the affected PDF file.
Affected Systems
Foxit Software Inc.’s PDF Editor and PDF Reader products are affected. The CVE record does not specify exact version ranges, so any installation running the vulnerable component before the available fix is potentially impacted.
Risk and Exploitability
The CVSS score of 7.8 indicates a high risk of exploitation, and while the EPSS score is unavailable, the vulnerability remains unlisted in CISA’s KEV catalog. The likely attack vector is a crafted PDF file opened by a user; an attacker can embed the malformed Unity 3D object and cause the application to crash. Because the failure is confined to the local user context, the exploitation does not grant code execution or privilege escalation, but it does allow denial of service and potential user productivity loss.
OpenCVE Enrichment