CVE-2025-66496

Published Dec 19, 2025

Last updated 2 months ago

CVSS medium 5.3

Overview

Description: A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.
Source: 14984358-7092-470d-8f34-ade47a7658a2
NVD status: Analyzed
Products: pdf_editor, pdf_reader

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

14984358-7092-470d-8f34-ade47a7658a2: CWE-125
nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AAE67A0F-4DFE-4268-90D5-789CCA2155A6",
            "versionEndIncluding": "13.2.1.23955",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1694C31-1717-40B3-9E11-773E39F288A8",
            "versionEndIncluding": "14.0.1.33197",
            "versionStartIncluding": "14.0.0.33046",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64",
            "versionEndIncluding": "2023.3.0.23028",
            "versionStartIncluding": "2023.1.0.15510",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580",
            "versionEndIncluding": "2024.4.1.27687",
            "versionStartIncluding": "2024.1.0.23997",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4AC7F7F1-B05D-48C7-9DD3-CFC7CBA2E275",
            "versionEndIncluding": "2025.2.1.33197",
            "versionStartIncluding": "2025.1.0.27937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "538915D1-1531-44A8-B15D-BCFE1356BCB5",
            "versionEndIncluding": "2025.2.1.33197",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References