{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3779", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "state": "PUBLISHED", "assignerShortName": "Foxit", "dateReserved": "2026-03-08T03:43:28.979Z", "datePublished": "2026-04-01T01:40:29.712Z", "dateUpdated": "2026-04-02T02:14:05.708Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-02T02:14:05.708Z"}, "title": "Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-416", "description": "CWE-416 Use after free", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary code execution"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "platforms": ["Windows", "MacOS"], "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}, {"status": "affected", "version": "Versions 14.0.2 and earlier"}, {"status": "affected", "version": "Versions 13.2.2 and earlier"}], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "platforms": ["Windows", "MacOS"], "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "KPC of Cisco Talos", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-01T03:06:18.215Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T14:18:37.648755Z", "id": "CVE-2026-3779", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T15:51:18.457Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-01T03:06:18.215Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3779", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T14:18:37.648755Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:18:52.770Z"}}], "cna": {"title": "Foxit PDF Editor/Reader List Box Calculate Array Use-After-Free Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "KPC of Cisco Talos"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Potential arbitrary code execution"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}, {"status": "affected", "version": "Versions 14.0.2 and earlier"}, {"status": "affected", "version": "Versions 13.2.2 and earlier"}], "platforms": ["Windows", "MacOS"], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}], "platforms": ["Windows", "MacOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.", "supportingMedia": [{"type": "text/html", "value": "The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use after free"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-02T02:14:05.708Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3779", "state": "PUBLISHED", "dateUpdated": "2026-04-02T02:14:05.708Z", "dateReserved": "2026-03-08T03:43:28.979Z", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "datePublished": "2026-04-01T01:40:29.712Z", "assignerShortName": "Foxit"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E9FD877-062E-4AE4-B7D7-91E1CA8657DF", "versionEndIncluding": "13.2.2.24014", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B7281CC-97ED-4441-BB97-6C73E328B9AD", "versionEndIncluding": "14.0.2.33402", "versionStartIncluding": "14.0.0.33046", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64", "versionEndIncluding": "2023.3.0.23028", "versionStartIncluding": "2023.1.0.15510", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580", "versionEndIncluding": "2024.4.1.27687", "versionStartIncluding": "2024.1.0.23997", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD0AAFC0-5B9B-4A11-8967-4699792850F1", "versionEndIncluding": "2025.3.0.35737", "versionStartIncluding": "2025.1.0.27937", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A7AD877-2AB4-4568-8109-5406D2259725", "versionEndIncluding": "2025.3.0.35737", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DEE55-1FE3-4B41-975D-BB926E9E69D4", "versionEndIncluding": "13.2.2.63349", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D6DE6B5-F04E-4484-9BF9-397D49464636", "versionEndIncluding": "14.0.2.69164", "versionStartIncluding": "14.0.0.68868", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8785CCE-C44C-4908-9133-13A580D5BECB", "versionEndIncluding": "2023.3.0.63083", "versionStartIncluding": "2023.1.0.55583", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF043D20-0E28-481C-8756-D1301FAE67D2", "versionEndIncluding": "2024.4.1.66479", "versionStartIncluding": "2024.1.0.63682", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "20698FD4-5E28-4206-ACEA-4FCD24AD23BE", "versionEndIncluding": "2025.3.0.69570", "versionStartIncluding": "2025.1.0.66692", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "308530A9-A5C2-4293-BB02-00DDB6C17C37", "versionEndIncluding": "2025.3.0.69570", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution."}, {"lang": "es", "value": "La l\u00f3gica de c\u00e1lculo de la matriz del cuadro de lista de la aplicaci\u00f3n mantiene referencias obsoletas a objetos de p\u00e1gina o formulario despu\u00e9s de que son eliminados o recreados, lo que permite que documentos manipulados activen un uso despu\u00e9s de liberaci\u00f3n cuando se ejecuta el c\u00e1lculo y puede conducir potencialmente a ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2026-3779", "lastModified": "2026-04-28T14:15:34.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}, "published": "2026-04-01T02:16:03.043", "references": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2365"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.3]"}}, {"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.0.2]"}}, {"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,13.2.2]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Editor", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_pdf_editor", "vendor": "foxitsoftware"}, {"configurations": [{"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.3]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 91.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Reader", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_reader", "vendor": "foxitsoftware"}], "analysis": {"en": {"generated_at": "2026-04-01T05:54:18.287679+00:00", "value": {"mitigation_remediation": ["Apply the latest available patch from Foxit\u2019s security bulletin website."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Foxit Software Inc. products Foxit PDF Editor and Foxit PDF Reader are affected. No specific versions are listed, so all installed versions should be considered at risk until an update is applied. The vulnerability exists in both the editor and the reader components and can be triggered by any instance that loads a maliciously crafted PDF.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free condition in the list box calculation logic of Foxit PDF products. When the application processes a document, stale references to deleted or re\u2011created page or form objects may be dereferenced during a calculation, allowing an attacker to craft a document that triggers the routine and potentially execute arbitrary code with the privileges of the PDF reader or editor.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity. An EPSS score is not available, so the exact likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild as of the data provided. It is inferred that the likely attack vector is a crafted PDF document presented to the user or automatically opened. If a user opens such a document in Foxit PDF Editor or Reader, the use\u2011after\u2011free can be triggered, allowing an attacker to execute code with the application's privileges."}}}}, "created": "2026-04-02T07:50:25.155920+00:00", "updated": "2026-04-03T08:58:52.108824+00:00", "vendors": ["foxitsoftware", "foxitsoftware$PRODUCT$foxit_pdf_editor", "foxitsoftware$PRODUCT$foxit_reader"]}