7.8

CVE-2025-66497

Medienbericht

Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FoxitPdf Editor Version <= 13.2.1.23955
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 14.0.0.33046 <= 14.0.1.33197
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687
   MicrosoftWindows Version-
FoxitPdf Editor Version >= 2025.1.0.27937 <= 2025.2.1.33197
   MicrosoftWindows Version-
FoxitPdf Reader Version <= 2025.2.1.33197
   MicrosoftWindows Version-
FoxitPdf Editor Version <= 13.2.1.63315
   ApplemacOS Version-
FoxitPdf Editor Version >= 14.0.0.33046 <= 14.0.1.69005
   ApplemacOS Version-
FoxitPdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.63083
   ApplemacOS Version-
FoxitPdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.66479
   ApplemacOS Version-
FoxitPdf Editor Version >= 2025.1.0.27937 <= 2025.2.1.69005
   ApplemacOS Version-
FoxitPdf Reader Version <= 2025.2.1.69005
   ApplemacOS Version-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.072
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
14984358-7092-470d-8f34-ade47a7658a2 5.3 1.8 3.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
19.12.2025 12:18
https://www.foxit.com/support/security-bulletins.html
Vendor Advisory