CVE-2026-57256
Foxit · Foxit PDF Editor
A use-after-free vulnerability in Foxit PDF Editor and Reader occurs when executing JavaScript that performs abnormal operations on list box fields, potentially leading to arbitrary code execution.
Executive summary
A critical use-after-free vulnerability in Foxit PDF Editor and Reader allows an attacker to execute arbitrary code or cause application crashes through malicious JavaScript in a PDF form.
Vulnerability
This vulnerability (CWE-416) involves improper handling of list box objects during JavaScript execution, specifically when forms are reset. An attacker can leverage this memory corruption to gain unauthorized control over the application process.
Business impact
With a CVSS score of 7.8, this flaw poses a significant risk to organizational assets. Exploitation can lead to the exfiltration of sensitive information contained within PDF documents or the compromise of the user's host machine, resulting in potential data breaches and loss of productivity.
Remediation
Immediate Action: Apply the latest security patches released by Foxit for both PDF Editor and PDF Reader to address the list box handling flaw.
Proactive Monitoring: Review application crash logs for patterns involving PDF form interaction or JavaScript execution failures.
Compensating Controls: Restrict the opening of untrusted PDF files from unknown sources and enforce organizational policies that disable JavaScript in PDF viewers.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams must treat this vulnerability with high priority due to the risk of code execution. Ensure all endpoints with Foxit software are updated to the latest secure version and verify that automatic updates are enabled.