CVE-2026-3777

EPSS 0.02%
Veröffentlicht 01.04.2026 01:40:27
Zuletzt bearbeitet 14.04.2026 17:54:52
Quelle 14984358-7092-470d-8f34-ade47a
CVE-Watchlists
Login
Unerledigt
Login

Use after free of view cache in Foxit PDF Editor/Reader

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 12 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Editor Version <= 13.2.2.24014

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 14.0.0.33046 <= 14.0.2.33402

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2025.1.0.27937 <= 2025.3.0.35737

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Reader Version <= 2025.3.0.35737

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version <= 13.2.2.63349

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 14.0.0.68868 <= 14.0.2.69164

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.55583 <= 2023.3.0.63083

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.63682 <= 2024.4.1.66479

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2025.1.0.66692 <= 2025.3.0.69570

Apple ≫ macOS Version-

Foxit ≫ Pdf Reader Version <= 2025.3.0.69570

Apple ≫ macOS Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.046

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
14984358-7092-470d-8f34-ade47a7658a2	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-3777

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3777

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3777

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3777