Foxit: Security Vulnerabilities
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-27
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-27
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-27
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-01
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-04-01
Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leading to forged signatures and compromising the integrity and authenticity of documents undergoing the signing process. The issue was caused by insufficient authorization validation on referenced resources during request processing.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-04-01
Page 1