6.2
CVE-2026-3778
- EPSS 0.02%
- Veröffentlicht 01.04.2026 01:40:31
- Zuletzt bearbeitet 14.04.2026 17:50:53
- Quelle 14984358-7092-470d-8f34-ade47a
- CVE-Watchlists
- Unerledigt
Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Foxit ≫ Pdf Editor Version <= 13.2.2.24014
Foxit ≫ Pdf Editor Version >= 14.0.0.33046 <= 14.0.2.33402
Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687
Foxit ≫ Pdf Editor Version >= 2025.1.0.27937 <= 2025.3.0.35737
Foxit ≫ Pdf Reader Version <= 2025.3.0.35737
Foxit ≫ Pdf Editor Version <= 13.2.2.63349
Foxit ≫ Pdf Editor Version >= 14.0.0.68868 <= 14.0.2.69164
Foxit ≫ Pdf Editor Version >= 2023.1.0.55583 <= 2023.3.0.63083
Foxit ≫ Pdf Editor Version >= 2024.1.0.63682 <= 2024.4.1.66479
Foxit ≫ Pdf Editor Version >= 2025.1.0.66692 <= 2025.3.0.69570
Foxit ≫ Pdf Reader Version <= 2025.3.0.69570
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.034 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| 14984358-7092-470d-8f34-ade47a7658a2 | 6.2 | 2.5 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.