CVE-2026-57237
HIGH
7.8
CVSS 3.1
Description
When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application.
Metadata
Severity & Metrics
7.8
HIGH CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products (3)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Foxit Software Inc. | Foxit PDF Editor | Windows | Versions 2026.1.1 and earlier, Versions 14.0.4 and earlier, Versions 13.2.4 and earlier |
| Foxit Software Inc. | Foxit PDF Editor | MacOS | Versions 2026.1.1 and earlier, Versions 14.0.3 and earlier, Versions 13.2.3 and earlier |
| Foxit Software Inc. | Foxit PDF Reader | Windows,MacOS | Versions 2026.1.1 and earlier |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-416 | cna | CWE-416 Use after free |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.8 | HIGH | 3.1 | cna | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References (1)