CVE-2026-3779
Use-After-Free in List Box Calculation Logic Allows Code Execution
Publication date: 2026-04-01
Last updated on: 2026-04-28
Assigner: Foxit
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | From 2023.1.0.15510 (inc) to 2023.3.0.23028 (inc) |
| foxit | pdf_editor | From 2024.1.0.23997 (inc) to 2024.4.1.27687 (inc) |
| foxit | pdf_editor | to 13.2.2.24014 (inc) |
| foxit | pdf_editor | From 14.0.0.33046 (inc) to 14.0.2.33402 (inc) |
| foxit | pdf_editor | From 2025.1.0.27937 (inc) to 2025.3.0.35737 (inc) |
| foxit | pdf_reader | to 2025.3.0.35737 (inc) |
| foxit | pdf_editor | From 2023.1.0.55583 (inc) to 2023.3.0.63083 (inc) |
| foxit | pdf_editor | From 2024.1.0.63682 (inc) to 2024.4.1.66479 (inc) |
| foxit | pdf_editor | to 13.2.2.63349 (inc) |
| foxit | pdf_editor | From 14.0.0.68868 (inc) to 14.0.2.69164 (inc) |
| foxit | pdf_editor | From 2025.1.0.66692 (inc) to 2025.3.0.69570 (inc) |
| foxit | pdf_reader | to 2025.3.0.69570 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because the application's list box calculate array logic retains stale references to page or form objects even after those objects are deleted or recreated.
As a result, when the calculation runs, crafted documents can trigger a use-after-free condition, which means the application tries to use memory that has already been freed.
This can potentially allow an attacker to execute arbitrary code on the affected system.
How can this vulnerability impact me?
This vulnerability can have serious impacts including the possibility of arbitrary code execution.
An attacker could exploit this to run malicious code on your system, potentially leading to data theft, system compromise, or disruption of services.
The CVSS score of 7.8 indicates a high severity with impacts on confidentiality, integrity, and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows for potential arbitrary code execution through a use-after-free flaw in Foxit Reader when processing malicious PDF documents. Such a compromise can lead to unauthorized access, modification, or destruction of sensitive data.
Because the vulnerability impacts confidentiality, integrity, and availability of data (as indicated by the CVSS score), it can negatively affect compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and breaches.
Exploitation of this vulnerability could result in data breaches or system compromise, potentially leading to violations of these regulations' requirements for data security and breach notification.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by opening a crafted malicious PDF file that contains JavaScript exploiting the use-after-free condition in Foxit Reader. Detection involves monitoring for suspicious PDF files with embedded JavaScript that calls functions like deletePages() or triggers Calculate event callbacks.
Since the vulnerability is local and requires user interaction, network detection might focus on identifying delivery of suspicious PDFs or monitoring endpoint behavior for crashes or access violations related to Foxit Reader.
Specific commands to detect exploitation attempts are not provided in the available resources.
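A defender-side triage script for the detection heuristic described in the answer above (embedded JavaScript that calls deletePages(), and scripts hung off a form field's Calculate action), added here as an example; it is not from the advisory or from Foxit. The regex-based object walker, the flag names and the `make_sample` builder are assumptions for this example, and the PDF it builds is a constructed, non-functional skeleton used only to exercise the scanner, including the case where the script sits in a Flate-compressed stream.

```python
import re, zlib
# Only deletePages() and the Calculate field action (/AA /C) come from the advisory;
# regex names and the sample builder below are constructed for this example.
SUSPICIOUS_CALLS = (b"deletePages",)
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.S)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")               # /JS 5 0 R
JS_LIT_RE = re.compile(rb"/JS\s*\((.*?)(?<!\\)\)", re.S)        # /JS (app.alert(1)); nested parens truncate
CALC_RE = re.compile(rb"/AA\s*<<[^>]*?/C\s+(\d+)\s+\d+\s+R")    # field Calculate action -> action object

def script_text(objs, body):
    """Resolve a /JS entry to its source: literal string or (optionally Flate-compressed) stream."""
    if m := JS_LIT_RE.search(body):
        return m.group(1)
    if m := JS_REF_RE.search(body):
        target = objs.get(int(m.group(1)), b"")
        s = STREAM_RE.search(target)
        data = s.group(1) if s else target
        if b"/FlateDecode" in target:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # corrupt or multi-filter stream: fall back to raw bytes
        return data
    return b""

def triage(pdf):
    """Flag embedded JavaScript, a Calculate action, deletePages(), and deletePages() run from Calculate."""
    objs = {int(n): body for n, body in OBJ_RE.findall(pdf)}
    calc_targets = {int(n) for n in CALC_RE.findall(pdf)}
    found = {"javascript": False, "calculate_action": bool(calc_targets),
             "deletePages": False, "calculate_runs_deletePages": False}
    for num, body in objs.items():
        if b"/JavaScript" not in body:
            continue
        found["javascript"] = True
        src = script_text(objs, body)
        if any(call in src for call in SUSPICIOUS_CALLS):
            found["deletePages"] = True
            found["calculate_runs_deletePages"] |= num in calc_targets
    return found

def make_sample(script, compress=False):
    """Constructed, non-functional PDF skeleton: one list box field whose Calculate action runs `script`."""
    data = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.7\n1 0 obj << /Type /Catalog /AcroForm << /Fields [3 0 R] >> >> endobj\n"
            b"3 0 obj << /FT /Ch /T (lst) /AA << /C 4 0 R >> >> endobj\n"
            b"4 0 obj << /S /JavaScript /JS 5 0 R >> endobj\n"
            b"5 0 obj << " + filt + b"/Length " + str(len(data)).encode()
            + b" >>\nstream\n" + data + b"\nendstream\nendobj\n%%EOF\n")
```

Run `triage(open(path, "rb").read())` over a quarantine folder; a document with `calculate_runs_deletePages` set is the pattern the advisory describes and should be detonated in a sandbox rather than opened on a workstation.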
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding opening untrusted or suspicious PDF documents, especially those received from unknown sources.
Update Foxit Reader to a version where this vulnerability is fixed, as the issue was confirmed in version 2025.3.0.35737 and likely addressed in subsequent releases.
Disable JavaScript execution within Foxit Reader if possible, to prevent malicious scripts embedded in PDFs from running.