Foxit PDF Editor/Reader’s insufficient parameter validation leads to denial-of-service vulnerability

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Description

Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.

Basic Information

ID CVE-2026-5937

Source Foxit

Published Apr 27, 2026 at 11:00

Affected Product

Vendor Foxit Software Inc.

Product Foxit PDF Editor

Version Versions 2026.1 and earlier

Affected Versions Foxit Software Inc. Foxit PDF Editor Versions 2026.1 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 14.0.3 and earlier
Foxit Software Inc. Foxit PDF Editor Versions 13.2.3 and earlier
Foxit Software Inc. Foxit PDF Reader Versions 2026.1 and earlier

CWE Classification

CWE-248

References

www.foxit.com /support/security-bulletins.html

{
    "lastseen": "",
    "description": "Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled \"std::invalid_argument\" exception, ultimately causing the program to terminate.",
    "published": "2026-04-27T11:00:42.447Z",
    "modified": "2026-04-27T11:00:42.447Z",
    "type": "cve",
    "title": "Foxit PDF Editor/Reader's insufficient parameter validation leads to denial-of-service vulnerability",
    "source": "Foxit",
    "references": "https://www.foxit.com/support/security-bulletins.html",
    "id": "CVE-2026-5937",
    "bulletinFamily": "",
    "cwe": [
        "CWE-248"
    ],
    "cvelist": null,
    "sourceData": "Foxit Software Inc. Foxit PDF Editor Versions 2026.1 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 14.0.3 and earlier\nFoxit Software Inc. Foxit PDF Editor Versions 13.2.3 and earlier\nFoxit Software Inc. Foxit PDF Reader Versions 2026.1 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foxit PDF Editor",
    "version": "Versions 2026.1 and earlier",
    "vendor": "Foxit Software Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Foxit PDF Editor/Reader’s insufficient parameter validation leads to denial-of-service vulnerability_CVE-2026-5937