Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code...

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

Basic Information

ID CVE-2025-66499

Source Foxit

Published Dec 19, 2025 at 07:11

Affected Product

Vendor Foxit Software Inc.

Product Foxit PDF Reader

Version Versions 2025.2.1 and earlier

Affected Versions Foxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 13.2.1 and eariler
Foxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 13.2.1 and eariler

CWE Classification

CWE-190

References

www.foxit.com /support/security-bulletins.html

{
    "lastseen": "",
    "description": "A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.",
    "published": "2025-12-19T07:11:50.238Z",
    "modified": "2025-12-19T07:11:50.238Z",
    "type": "cve",
    "title": "Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2025-66499",
    "bulletinFamily": "",
    "cwe": [
        "CWE-190"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. Foxit PDF Reader Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 13.2.1 and eariler\nFoxit Software Inc. Foxit PDF Editor Versions 2025.2.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 14.0.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 13.2.1 and eariler",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foxit PDF Reader",
    "version": "Versions 2025.2.1 and earlier",
    "vendor": "Foxit Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability_CVE-2025-66499