CVE-2026-3778

Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

CVSS 6.2 MEDIUMEPSS 0.1%CWE-674

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Productos afectados

Foxit Software Inc. · Foxit PDF Editor Foxit Software Inc. · Foxit PDF Reader

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.foxit.com/support/security-bulletins.html