CVE-2025-66496
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-19
Last updated on: 2025-12-23
Assigner: Foxit
Description
Description
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | to 13.2.1.23955 (inc) |
| foxit | pdf_editor | From 14.0.0.33046 (inc) to 14.0.1.33197 (inc) |
| foxit | pdf_editor | From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc) |
| foxit | pdf_editor | From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc) |
| foxit | pdf_editor | From 2025.1.0.27937 (inc) to 2025.2.1.33197 (inc) |
| foxit | pdf_reader | to 2025.2.1.33197 (inc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
