When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.foxit.com/support/security-bulletins.html |
|
History
Wed, 08 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer. | |
| Title | Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Foxit
Published:
Updated: 2026-07-08T13:20:30.258Z
Reserved: 2026-06-24T03:01:54.524Z
Link: CVE-2026-13129
Updated: 2026-07-08T13:20:26.838Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses