HIGH CVE-2026-3779 Published Modified CNA Foxit
CVE-2026-3779: Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 2
Affected packages
- Foxit Software Inc. / Foxit PDF Editor: Versions 2025.3 and earlier · Versions 14.0.2 and earlier · Versions 13.2.2 and earlier
- Foxit Software Inc. / Foxit PDF Reader: Versions 2025.3 and earlier
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References