CVE-2026-57257 PUBLISHED

Security vulnerability in Foxit PDF Editor/Reader — PRC 3D BRep Renderer Heap OOB Read

Assigner: Foxit
Reserved: 24.06.2026 Published: 08.07.2026 Updated: 08.07.2026

During the PRC parsing stage, there is a lack of boundary verification for the PRC entity index, which leads to an out-of-bounds read of the entity array. As a result, the application crashes.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CVSS Score: 6.1

Product Status

Vendor Foxit Software Inc.
Product Foxit PDF Editor
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected
  • Version Versions 14.0.4 and earlier is affected
  • Version Versions 13.2.4 and earlier is affected
Vendor Foxit Software Inc.
Product Foxit PDF Editor
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected
  • Version Versions 14.0.3 and earlier is affected
  • Version Versions 13.2.3 and earlier is affected
Vendor Foxit Software Inc.
Product Foxit PDF Reader
Versions Default: unaffected
  • Version Versions 2026.1.1 and earlier is affected

Credits

  • Liang Zhu finder

References

Problem Types

  • CWE-125 Out-of-bounds read CWE

Impacts

  • Information Disclosure