CVE-2026-5941
Invalid Memory Write in Form Field Parsing Causes Program Crash
Publication date: 2026-04-27
Last updated on: 2026-04-29
Assigner: Foxit
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | From 14.0.0 (inc) to 14.0.4 (exc) |
| foxit | pdf_editor | From 2023.0.0 (inc) to 2026.1.1 (exc) |
| foxit | pdf_reader | to 2026.1.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by flaws in the parsing logic that lead to non-signature data being incorrectly identified as valid signatures. This happens when processing malformed form field hierarchies, which results in invalid memory writes and program crashes during the construction of internal data structures.
How can this vulnerability impact me? :
The vulnerability can cause program crashes and invalid memory writes, which may lead to denial of service or potentially allow an attacker to execute arbitrary code or corrupt data. The CVSS score indicates high impact on confidentiality, integrity, and availability.