Description
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
Published: 2026-04-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Insufficient parameter verification in Foxit PDF Editor and Foxit PDF Reader allows a malformed PDF file to trigger format errors, which in turn cause an unhandled std::invalid_argument exception and force the program to terminate. This weakness corresponds to CWE‑248 and results in a denial‑of‑service condition for the user without directly compromising confidentiality or integrity.

Affected Systems

Affected products are Foxit PDF Editor and Foxit PDF Reader from Foxit Software Inc. No specific version numbers are available in the current data set.

Risk and Exploitability

The CVSS score of 5.5 represents a medium severity. The EPSS score of less than 1% indicates that exploitation is currently unlikely. The vulnerability is not listed in CISA’s KEV catalog. The most plausible attack vectors involve a remote attacker supplying a crafted PDF file that the user opens with the affected application, triggering the unhandled exception and terminating the program. Because the flaw stems from insufficient input validation, an attacker could trigger the denial‑of‑service simply by providing an improperly formatted file.

Generated by OpenCVE AI on April 28, 2026 at 19:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Foxit PDF Editor and Foxit PDF Reader to the latest patched versions when they become available.
  • Avoid opening PDF files from untrusted or unknown sources, and verify file integrity before launching the document.
  • Monitor application crashes and alert administrators when an unexpected termination occurs.


Advisories

No advisories yet.

History

Wed, 29 Apr 2026 17:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Foxit; Foxit pdf Editor; Foxit pdf Reader |
| CPEs | | cpe:2.3:a:foxit:pdf_editor:\*:\*:\*:\*:\*:\*:\*:\*; cpe:2.3:a:foxit:pdf_reader:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Foxit; Foxit pdf Editor; Foxit pdf Reader |

Tue, 28 Apr 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Foxitsoftware; Foxitsoftware foxit Pdf Editor; Foxitsoftware foxit Reader |
| Vendors & Products | | Foxitsoftware; Foxitsoftware foxit Pdf Editor; Foxitsoftware foxit Reader |

Mon, 27 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 27 Apr 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. |
| Title | | Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability |
| Weaknesses | | CWE-248 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: Foxit

Published:

Updated: 2026-04-27T13:42:51.578Z

Reserved: 2026-04-09T03:42:03.943Z

Link: CVE-2026-5937

Vulnrichment

Updated: 2026-04-27T13:40:16.406Z

NVD

Status: Analyzed

Published: 2026-04-27T12:16:24.030

Modified: 2026-04-29T17:31:29.453

Link: CVE-2026-5937

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:00:19Z

Weaknesses