Home

Description

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.

PUBLISHED Reserved 2026-03-08 | Published 2026-04-01 | Updated 2026-04-02 | Assigner Foxit




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-416 Use after free

Product status

Default status
unaffected

Versions 2025.3 and earlier
affected

Versions 14.0.2 and earlier
affected

Versions 13.2.2 and earlier
affected

Default status
unaffected

Versions 2025.3 and earlier
affected

Credits

KPC of Cisco Talos finder

References

www.talosintelligence.com/...ability_reports/TALOS-2026-2365

www.foxit.com/support/security-bulletins.html

cve.org (CVE-2026-3779)

nvd.nist.gov (CVE-2026-3779)

Download JSON