CVE-2026-3779

Medienbericht

Exploit

EPSS 0.02%
Veröffentlicht 01.04.2026 01:40:29
Zuletzt bearbeitet 28.04.2026 14:15:34
Quelle 14984358-7092-470d-8f34-ade47a
CVE-Watchlists
Login
Unerledigt
Login

Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 12 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Editor Version <= 13.2.2.24014

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 14.0.0.33046 <= 14.0.2.33402

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 2025.1.0.27937 <= 2025.3.0.35737

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Reader Version <= 2025.3.0.35737

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version <= 13.2.2.63349

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 14.0.0.68868 <= 14.0.2.69164

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2023.1.0.55583 <= 2023.3.0.63083

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2024.1.0.63682 <= 2024.4.1.66479

Apple ≫ macOS Version-

Foxit ≫ Pdf Editor Version >= 2025.1.0.66692 <= 2025.3.0.69570

Apple ≫ macOS Version-

Foxit ≫ Pdf Reader Version <= 2025.3.0.69570

Apple ≫ macOS Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
14984358-7092-470d-8f34-ade47a7658a2	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://thehackernews.com/2026/04/weekly-recap-axios-hack-chrome-0-day.html

Media Report

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-3779

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3779

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3779

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3779