Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability

5.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Description

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

Basic Information

ID CVE-2025-66496

Source Foxit

Published Dec 19, 2025 at 07:10

Affected Product

Vendor Foxit Software Inc.

Product Foxit PDF Reader

Version Versions 2025.2.1 and earlier

Affected Versions Foxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 13.2.1 and eariler
Foxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 13.2.1 and eariler

CWE Classification

CWE-125

References

www.foxit.com /support/security-bulletins.html

{
    "lastseen": "",
    "description": "A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.",
    "published": "2025-12-19T07:10:13.239Z",
    "modified": "2025-12-19T07:10:13.239Z",
    "type": "cve",
    "title": "Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2025-66496",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 13.2.1 and eariler\nFoxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 13.2.1 and eariler",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foxit PDF Reader",
    "version": "Versions 2025.2.1 and earlier",
    "vendor": "Foxit Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Foxit PDF Reader 3D Annotation Out-of-Bounds Memory Access Vulnerability_CVE-2025-66496