CVE-2026-57256

Foxit · Foxit PDF Editor

A use-after-free vulnerability in Foxit PDF Editor and Reader occurs when executing JavaScript that performs abnormal operations on list box fields, potentially leading to arbitrary code execution.

Executive summary

A critical use-after-free vulnerability in Foxit PDF Editor and Reader allows an attacker to execute arbitrary code or cause application crashes through malicious JavaScript in a PDF form.

Vulnerability

This vulnerability (CWE-416) involves improper handling of list box objects during JavaScript execution, specifically when forms are reset. An attacker can leverage this memory corruption to gain unauthorized control over the application process.

Business impact

With a CVSS score of 7.8, this flaw poses a significant risk to organizational assets. Exploitation can lead to the exfiltration of sensitive information contained within PDF documents or the compromise of the user's host machine, resulting in potential data breaches and loss of productivity.

Remediation

Immediate Action: Apply the latest security patches released by Foxit for both PDF Editor and PDF Reader to address the list box handling flaw.

Proactive Monitoring: Review application crash logs for patterns involving PDF form interaction or JavaScript execution failures.

Compensating Controls: Restrict the opening of untrusted PDF files from unknown sources and enforce organizational policies that disable JavaScript in PDF viewers.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams must treat this vulnerability with high priority due to the risk of code execution. Ensure all endpoints with Foxit software are updated to the latest secure version and verify that automatic updates are enabled.