Out-of-Bounds Read Vulnerability in Foxit's PRC File Parsing
CVE-2026-57258

6.1MEDIUM

Key Information:

Vendor

Foxit Inc.

Vendor
CVE Published:
8 July 2026

What is CVE-2026-57258?

The vulnerability in Foxit's PRC file header parsing arises from the trust placed in the constructed file structure description. When processing, the logic assumes the underlying array contains valid elements and proceeds to read them, which can result in out-of-bounds reads that may cause application crashes. This poses a significant risk to users relying on the integrity of the PDF manipulation capabilities.

Affected Version(s)

Foxit PDF Editor MacOS Versions 2026.1.1 and earlier

Foxit PDF Editor MacOS Versions 14.0.3 and earlier

Foxit PDF Editor MacOS Versions 13.2.3 and earlier

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Roddy Chow
.