CVE-2026-5942
Received
Received - Intake
Use-After-Free in Page Lifecycle Causes Application Crash
Publication date: 2026-04-27
Last updated on: 2026-04-29
Assigner: Foxit
Description
Description
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foxit | pdf_editor | to 13.2.4 (exc) |
| foxit | pdf_editor | From 14.0.0 (inc) to 14.0.4 (exc) |
| foxit | pdf_editor | From 2023.0.0 (inc) to 2026.1.1 (exc) |
| foxit | pdf_reader | to 2026.1.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves flaws in page lifecycle management that cause changes in the document structure to desynchronize the internal states of components. As a result, subsequent operations may attempt to access objects that have been invalidated, leading to program crashes.
How can this vulnerability impact me? :
The impact of this vulnerability is primarily the crashing of the affected program due to attempts to access invalidated objects. This can lead to denial of service or disruption of normal operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70