CVSS 7.8 · HIGH
CVE-2026-5941
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
Analysis
Foxit PDF Reader and Editor are vulnerable to memory corruption when processing specially crafted PDF documents with malformed form fields. Opening a malicious file could lead to application crashes or potentially allow an attacker to execute arbitrary code on the victim's machine.
Severity
Score: 7.8 (HIGH)
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE):
CWE-20
NVD-CWE-noinfo
EPSS
Exploitation probability (next 30 days): 0.0003 (0.0%)
Percentile: 8.3%
EPSS: 2026-05-06
Affects
foxit:pdf_editor
foxit:pdf_reader
Technical description
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
Published: 27/4/2026, 12:16:24
Last modified: 29/4/2026, 17:24:15