Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-55314

Опубликовано: 11 дек. 2025
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Версия до 13.1.7.23637 (включая)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Версия от 2023.1.0.15510 (включая) до 2023.3.0.23028 (включая)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
Версия от 2024.1.0.23997 (включая) до 2024.4.1.27687 (включая)
cpe:2.3:a:foxit:pdf_editor:2025.1.0.27937:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
Версия до 2025.1.0.27937 (включая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%
0.0001
Низкий

7.8 High

CVSS3

Дефекты

CWE-476

Связанные уязвимости

github логотип

GHSA-4hc9-w772-rxj2

CVSS3: 7.8
github
около 2 месяцев назад

An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.

EPSS

Процентиль: 1%
0.0001
Низкий

7.8 High

CVSS3

Дефекты

CWE-476