CVE-2025-66499

Published Dec 19, 2025

Last updated 2 months ago

CVSS high 7.8

Overview

Description: A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
Source: 14984358-7092-470d-8f34-ade47a7658a2
NVD status: Analyzed
Products: pdf_editor, pdf_reader

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

14984358-7092-470d-8f34-ade47a7658a2: CWE-190

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AAE67A0F-4DFE-4268-90D5-789CCA2155A6",
            "versionEndIncluding": "13.2.1.23955",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F1694C31-1717-40B3-9E11-773E39F288A8",
            "versionEndIncluding": "14.0.1.33197",
            "versionStartIncluding": "14.0.0.33046",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64",
            "versionEndIncluding": "2023.3.0.23028",
            "versionStartIncluding": "2023.1.0.15510",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580",
            "versionEndIncluding": "2024.4.1.27687",
            "versionStartIncluding": "2024.1.0.23997",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4AC7F7F1-B05D-48C7-9DD3-CFC7CBA2E275",
            "versionEndIncluding": "2025.2.1.33197",
            "versionStartIncluding": "2025.1.0.27937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "538915D1-1531-44A8-B15D-BCFE1356BCB5",
            "versionEndIncluding": "2025.2.1.33197",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "DF36C22F-253D-4ACE-A202-1BC66099FB43",
            "versionEndIncluding": "13.2.1.63315",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4EAD777E-152E-4870-8CFD-10A4ED542409",
            "versionEndIncluding": "14.0.1.69005",
            "versionStartIncluding": "14.0.0.33046",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8D41C109-FCCC-467D-AC01-37CE4106DC89",
            "versionEndIncluding": "2023.3.0.63083",
            "versionStartIncluding": "2023.1.0.15510",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A5CE4481-BEBB-4646-B235-DCE82AEBD265",
            "versionEndIncluding": "2024.4.1.66479",
            "versionStartIncluding": "2024.1.0.23997",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B0778A96-55FD-452C-88F5-EE42D2D8CE49",
            "versionEndIncluding": "2025.2.1.69005",
            "versionStartIncluding": "2025.1.0.27937",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "83D931C5-F081-441F-8B29-4FDD7B32327A",
            "versionEndIncluding": "2025.2.1.69005",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References