CVE-2026-57240

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
08/07/2026
Last modified:
09/07/2026

Description

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 13.2.4.24048 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 14.0.0.33046 (including) 14.0.4.33508 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2023.1.0.15510 (including) 2023.3.0.23028 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2024.1.0.23997 (including) 2024.4.1.27687 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2025.1.0.27937 (including) 2025.3.0.35737 (including)
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:* 2026.1.0.36452 (including) 2026.1.1.36485 (including)
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:* 2026.1.1.36485 (including)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools