When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://www.foxit.com/support/security-bulletins.html |
|
History
Wed, 08 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer. | |
| Title | Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Foxit
Published:
Updated: 2026-07-08T13:20:30.258Z
Reserved: 2026-06-24T03:01:54.524Z
Link: CVE-2026-13129
Updated: 2026-07-08T13:20:26.838Z
No data.
No data.
OpenCVE Enrichment
No data.