CVE-2025-66499

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.foxit.com/support/security-bulletins.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_reader::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_reader::::::::

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-12-19 07:16

Updated : 2025-12-23 17:37

NVD link : CVE-2025-66499

Mitre link : CVE-2025-66499

CVE.ORG link : CVE-2025-66499

JSON object : View

Products Affected

foxit

pdf_reader
pdf_editor

microsoft

windows

apple

macos

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2025-66499", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "14984358-7092-470d-8f34-ade47a7658a2", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-12-19T07:16:03.197", "references": [{"url": "https://www.foxit.com/support/security-bulletins.html", "tags": ["Vendor Advisory"], "source": "14984358-7092-470d-8f34-ade47a7658a2"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "14984358-7092-470d-8f34-ade47a7658a2", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code."}], "lastModified": "2025-12-23T17:37:17.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAE67A0F-4DFE-4268-90D5-789CCA2155A6", "versionEndIncluding": "13.2.1.23955"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1694C31-1717-40B3-9E11-773E39F288A8", "versionEndIncluding": "14.0.1.33197", "versionStartIncluding": "14.0.0.33046"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64", "versionEndIncluding": "2023.3.0.23028", "versionStartIncluding": "2023.1.0.15510"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580", "versionEndIncluding": "2024.4.1.27687", "versionStartIncluding": "2024.1.0.23997"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AC7F7F1-B05D-48C7-9DD3-CFC7CBA2E275", "versionEndIncluding": "2025.2.1.33197", "versionStartIncluding": "2025.1.0.27937"}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538915D1-1531-44A8-B15D-BCFE1356BCB5", "versionEndIncluding": "2025.2.1.33197"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF36C22F-253D-4ACE-A202-1BC66099FB43", "versionEndIncluding": "13.2.1.63315"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EAD777E-152E-4870-8CFD-10A4ED542409", "versionEndIncluding": "14.0.1.69005", "versionStartIncluding": "14.0.0.33046"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D41C109-FCCC-467D-AC01-37CE4106DC89", "versionEndIncluding": "2023.3.0.63083", "versionStartIncluding": "2023.1.0.15510"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5CE4481-BEBB-4646-B235-DCE82AEBD265", "versionEndIncluding": "2024.4.1.66479", "versionStartIncluding": "2024.1.0.23997"}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0778A96-55FD-452C-88F5-EE42D2D8CE49", "versionEndIncluding": "2025.2.1.69005", "versionStartIncluding": "2025.1.0.27937"}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83D931C5-F081-441F-8B29-4FDD7B32327A", "versionEndIncluding": "2025.2.1.69005"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2"}