Platform: windows
Component: foxit-pdf-editor
Fixed in: 2025.3.1, 14.0.3, 13.2.3, 2025.3.1
CVE-2026-3777 describes a Use-After-Free vulnerability affecting Foxit PDF Editor versions up to 2025.3. This flaw arises from insufficient validation of view cache pointers after JavaScript modifications to document zoom and page state. Successful exploitation could lead to arbitrary code execution, allowing attackers to compromise the system. A patch is available from Foxit.
An attacker could exploit this vulnerability by crafting malicious JavaScript within a PDF document. This script would manipulate the document's zoom level and trigger a page change, creating a scenario where a view object is prematurely destroyed while stale pointers remain active. Subsequent dereferencing of these stale pointers results in a use-after-free condition. This condition can be leveraged to overwrite memory regions, potentially allowing the attacker to inject and execute arbitrary code on the affected system. The blast radius extends to any user opening the malicious PDF, and the impact could range from information theft to complete system compromise. While no direct precedent is immediately apparent, the use-after-free nature of the vulnerability aligns with common exploitation techniques used in other PDF parsing libraries.
CVE-2026-3777 was publicly disclosed on 2026-04-01. The vulnerability's severity is rated as MEDIUM (CVSS 5.5). As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability has not been added to the CISA KEV catalog. Active exploitation campaigns are currently unconfirmed, but the potential for exploitation exists given the availability of PDF editing tools and the complexity of PDF parsing.
Exploit Status
EPSS: 0.02% (4% percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-3777 is to upgrade to a patched version of Foxit PDF Editor. Foxit has released a fix, and users are strongly advised to apply it promptly. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing temporary workarounds. While a WAF or proxy cannot directly prevent this client-side vulnerability, strict content security policies (CSP) within the PDF viewer could limit the impact of malicious JavaScript. Disable JavaScript execution within Foxit PDF Editor if it is not essential for your workflow. Regularly scan PDF documents from untrusted sources for malicious content using antivirus or sandboxing solutions.
Update Foxit PDF Editor/Reader to the latest available version. This will fix the use-after-free vulnerability that could allow arbitrary code execution.
CVE-2026-3777 is a medium-severity vulnerability in Foxit PDF Editor versions 2025.3 and earlier. It allows for potential arbitrary code execution through crafted JavaScript manipulating zoom and page state.
You are affected if you are using Foxit PDF Editor versions 2025.3 or earlier. Check your version and upgrade as soon as possible.
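As an added example (not from the page or from Foxit), a small Python check that compares an installed Foxit PDF Editor version string against the fixed versions listed on this page; the fixed-version table is taken from the page, while the version-string format and how the string is collected from an endpoint are assumptions.

```python
"""Assess whether an installed Foxit PDF Editor build is fixed for CVE-2026-3777.

Added example. FIXED_VERSIONS is taken from the page's "Fixed in" list; the
assumption is that installed builds report a dotted numeric version string.
"""
from typing import Dict, Optional, Tuple

# Fixed build per release branch (major number -> fixed version), per this page.
FIXED_VERSIONS: Dict[int, str] = {2025: "2025.3.1", 14: "14.0.3", 13: "13.2.3"}

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn 'major.minor.patch' into a comparable tuple.

    Short strings are padded to three parts so that '2025.3' compares as
    2025.3.0, i.e. older than the fixed build 2025.3.1.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def assess(installed: str) -> Dict[str, Optional[object]]:
    """Return {'affected': bool, 'upgrade_to': str|None, 'reason': str}.

    A branch with no listed fix (for example 12.x) is treated conservatively as
    affected, with the newest listed fixed build as the upgrade target. A branch
    newer than any listed fix is outside the affected range ("up to 2025.3").
    """
    v = parse_version(installed)
    newest_branch = max(FIXED_VERSIONS)
    if v[0] > newest_branch:
        return {"affected": False, "upgrade_to": None, "reason": "newer than affected range"}
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return {"affected": True, "upgrade_to": FIXED_VERSIONS[newest_branch],
                "reason": "branch has no listed fix"}
    affected = v < parse_version(fixed)
    return {"affected": affected, "upgrade_to": fixed if affected else None,
            "reason": f"fixed in {fixed}"}


if __name__ == "__main__":
    # Constructed sample inventory, not real endpoint data.
    for build in ("2025.3", "2025.3.1", "14.0.2", "13.2.3", "12.1.0"):
        print(build, assess(build))
```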
Upgrade to the latest version of Foxit PDF Editor, which includes a patch for this vulnerability. If upgrading is not immediately possible, consider temporary workarounds like disabling JavaScript.
Active exploitation campaigns are currently unconfirmed, but the potential for exploitation exists given the nature of the vulnerability.
Refer to the official Foxit security advisory for detailed information and the latest updates on this vulnerability. Check the Foxit website for security announcements.