9.8
/ 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to _Cisco 's third-party vulnerability disclosure policy_.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence 's website_.
## **Foxit use-after-free vulnerability**
_Discovered by KPC of Cisco Talos._
Foxit Reader allows users to view, edit, and sign PDF documents, among other features. Foxit aims to be one of the most feature-rich PDF readers on the market, and contains many similar functions to that of Adobe Acrobat Reader.
TALOS-2026-2365 (CVE-2026-3779) is a use-after-free vulnerability in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
## **LibRaw heap-based buffer overflow and integer overflow vulnerabilities**
_Discovered by Francesco Benvenuto of Cisco Talos._
LibRaw is a library and user interface for processing RAW file types and metadata created by digital cameras. Talos analysts found 6 vulnerabilities in LibRaw.
TALOS-2026-2330 (CVE-2026-20911), TALOS-2026-2331 (CVE-2026-21413), TALOS-2026-2358 (CVE-2026-20889), and TALOS-2026-2359 (CVE-2026-24660) are heap-based buffer overflow vulnerabilities in LibRaw, and TALOS-2026-2363 (CVE-2026-24450) and TALOS-2026-2364 (CVE-2026-20884) are integer overflow vulnerabilities. Specially crafted malicious files can lead to heap buffer overflow in all cases. An attacker can provide a malicious file to trigger these vulnerabilities.
Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to _Cisco 's third-party vulnerability disclosure policy_.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence 's website_.
## **Foxit use-after-free vulnerability**
_Discovered by KPC of Cisco Talos._
Foxit Reader allows users to view, edit, and sign PDF documents, among other features. Foxit aims to be one of the most feature-rich PDF readers on the market, and contains many similar functions to that of Adobe Acrobat Reader.
TALOS-2026-2365 (CVE-2026-3779) is a use-after-free vulnerability in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
## **LibRaw heap-based buffer overflow and integer overflow vulnerabilities**
_Discovered by Francesco Benvenuto of Cisco Talos._
LibRaw is a library and user interface for processing RAW file types and metadata created by digital cameras. Talos analysts found 6 vulnerabilities in LibRaw.
TALOS-2026-2330 (CVE-2026-20911), TALOS-2026-2331 (CVE-2026-21413), TALOS-2026-2358 (CVE-2026-20889), and TALOS-2026-2359 (CVE-2026-24660) are heap-based buffer overflow vulnerabilities in LibRaw, and TALOS-2026-2363 (CVE-2026-24450) and TALOS-2026-2364 (CVE-2026-20884) are integer overflow vulnerabilities. Specially crafted malicious files can lead to heap buffer overflow in all cases. An attacker can provide a malicious file to trigger these vulnerabilities.
Basic Information
ID
TALOSBLOG:BE0E87FAEA20A16ABC6D061A32B0C608
Published
Apr 16, 2026 at 19:00