Home
MEDIUM: 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HDefault status
unaffected
Versions 2025.3 and earlier
affected
Versions 14.0.2 and earlier
affected
Versions 13.2.2 and earlier
affected
Default status
unaffected
Versions 2025.3 and earlier
affected
Description
The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.
Problem types
CWE-476 NULL pointer dereference
Product status
Versions 2025.3 and earlier
Versions 14.0.2 and earlier
Versions 13.2.2 and earlier
Versions 2025.3 and earlier
Credits
Suyue Guo from UCSB Seclab
References
www.foxit.com/support/security-bulletins.html