CVE-2026-3779
Received Received - Intake
Use-After-Free in List Box Calculation Logic Allows Code Execution

Publication date: 2026-04-01

Last updated on: 2026-04-28

Assigner: Foxit

Description
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3779
EUVD
EUVD-2026-17759
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
foxit pdf_editor From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc)
foxit pdf_editor From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc)
foxit pdf_editor to 13.2.2.24014 (inc)
foxit pdf_editor From 14.0.0.33046 (inc) to 14.0.2.33402 (inc)
foxit pdf_editor From 2025.1.0.27937 (inc) to 2025.3.0.35737 (inc)
foxit pdf_reader to 2025.3.0.35737 (inc)
foxit pdf_editor From 2023.1.0.55583 (inc) to 2023.3.0.63083 (inc)
foxit pdf_editor From 2024.1.0.63682 (inc) to 2024.4.1.66479 (inc)
foxit pdf_editor to 13.2.2.63349 (inc)
foxit pdf_editor From 14.0.0.68868 (inc) to 14.0.2.69164 (inc)
foxit pdf_editor From 2025.1.0.66692 (inc) to 2025.3.0.69570 (inc)
foxit pdf_reader to 2025.3.0.69570 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because the application's list box calculate array logic retains stale references to page or form objects even after those objects are deleted or recreated.

As a result, when the calculation runs, crafted documents can trigger a use-after-free condition, which means the application tries to use memory that has already been freed.

This can potentially allow an attacker to execute arbitrary code on the affected system.

Compliance Impact

This vulnerability allows for potential arbitrary code execution through a use-after-free flaw in Foxit Reader when processing malicious PDF documents. Such a compromise can lead to unauthorized access, modification, or destruction of sensitive data.

Because the vulnerability impacts confidentiality, integrity, and availability of data (as indicated by the CVSS score), it can negatively affect compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and breaches.

Exploitation of this vulnerability could result in data breaches or system compromise, potentially leading to violations of these regulations' requirements for data security and breach notification.

Detection Guidance

This vulnerability is triggered by opening a crafted malicious PDF file that contains JavaScript exploiting the use-after-free condition in Foxit Reader. Detection involves monitoring for suspicious PDF files with embedded JavaScript that calls functions like deletePages() or triggers Calculate event callbacks.

Since the vulnerability is local and requires user interaction, network detection might focus on identifying delivery of suspicious PDFs or monitoring endpoint behavior for crashes or access violations related to Foxit Reader.

Specific commands to detect exploitation attempts are not provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include avoiding opening untrusted or suspicious PDF documents, especially those received from unknown sources.

Update Foxit Reader to a version where this vulnerability is fixed, as the issue was confirmed in version 2025.3.0.35737 and likely addressed in subsequent releases.

Disable JavaScript execution within Foxit Reader if possible, to prevent malicious scripts embedded in PDFs from running.

Impact Analysis

This vulnerability can have serious impacts including the possibility of arbitrary code execution.

An attacker could exploit this to run malicious code on your system, potentially leading to data theft, system compromise, or disruption of services.

The CVSS score of 7.8 indicates a high severity with impacts on confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart