CVE-2025-66499

HIGH

Foxit PDF Reader - Buffer Overflow

Title source: llm

Description

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

References (1)

[Vendor Advisory] https://www.foxit.com/support/security-bulletins.html

Scores

CVSS v3 7.8

EPSS 0.0008

EPSS Percentile 22.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-190

Status published

Products (2)

foxit/pdf_editor < 13.2.1.23955

foxit/pdf_reader < 2025.2.1.33197

Published Dec 19, 2025

Tracked Since Feb 18, 2026