CVE-2026-57242
HIGHFoxit PDF Editor/Reader Page Use-After-Free Vulnerability
Title source: cnaDescription
The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash.
References (1)
Core 1
Core References
Scores
CVSS v3
7.8
EPSS
0.0012
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-416
Status
published
Products (6)
foxit/pdf_editor
< 13.2.4.24048
foxit/pdf_reader
< 2026.1.1.36485
Foxit Software Inc./Foxit PDF Editor
Versions 13.2.4 and earlier
Foxit Software Inc./Foxit PDF Editor
Versions 14.0.4 and earlier
Foxit Software Inc./Foxit PDF Editor
Versions 2026.1.1 and earlier
Foxit Software Inc./Foxit PDF Reader
Versions 2026.1.1 and earlier
Published
Jul 08, 2026
Tracked Since
Jul 08, 2026