CVE-2025-66499 | THREATINT

Description

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

PUBLISHED Reserved 2025-12-03 | Published 2025-12-19 | Updated 2025-12-19 | Assigner Foxit

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Default status

unaffected

Versions 2025.2.1 and earlier

affected

Versions 14.0.1 and earlier

affected

Versions 13.2.1 and eariler

affected

Credits

Anonymous working with Trend Micro Zero Day Initiative finder

References

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2025-66499)

nvd.nist.gov (CVE-2025-66499)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.

help @ threatint.eu