CVE-2025-66498 | THREATINT

Description

A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory access may occur, resulting in memory corruption.

PUBLISHED Reserved 2025-12-03 | Published 2025-12-19 | Updated 2025-12-19 | Assigner Foxit

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Credits

Mat Powell of Trend of Trend Micro Zero Day Initiative finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2025-66498)

nvd.nist.gov (CVE-2025-66498)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu