Foxit: >> Pdf Editor >> 2023.3.0.63083 Security Vulnerabilities
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-27
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-27
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-27
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-27
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-04-01
The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-01
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-04-01
Page 1