CVE-2026-3777
Use after free of view cache in Foxit PDF Editor/Reader
CVSS Score
5.5
EPSS Score
0.0%
EPSS Percentile
3th
The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.
| CWE | CWE-416 |
| Vendor | foxit software inc. |
| Product | foxit pdf editor |
| Published | Apr 1, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for foxit software inc. foxit pdf editor
Be the first to know when new medium vulnerabilities affecting foxit software inc. foxit pdf editor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Foxit Software Inc. / Foxit PDF Editor
Versions 2025.3 and earlier Versions 14.0.2 and earlier Versions 13.2.2 and earlier
Foxit Software Inc. / Foxit PDF Reader
Versions 2025.3 and earlier
References
Credits
Suyue Guo from UCSB Seclab