Buffer overflow in Foxit PDF Editor (formerly Foxit PhantomPDF) and Foxit PDF Reader for Windows - CVE-2026-57246
Published: July 8, 2026
Foxit PDF Editor (formerly Foxit PhantomPDF)
Foxit PDF Reader for Windows
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to buffer copy without checking size of input in Foxit PDF Reader and Foxit PDF Editor when handling certain PDFs containing abnormal signature fields or annotation objects. A remote attacker can trick the victim into opening a crafted PDF file to execute arbitrary code.
User interaction is required to open a crafted PDF file.