CVE-2026-3778

Stack exhaustion caused by cyclic references in Foxit PDF Editor/Reader

CVSS 6.2 MEDIUMEPSS 0.1%CWE-674

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.2EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 abr 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Productos afectados

Foxit Software Inc. · Foxit PDF Editor Foxit Software Inc. · Foxit PDF Reader

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.foxit.com/support/security-bulletins.html