CVE-2025-66499
CVE-2025-66499 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Foxit | Pdf Editor | <= 13.2.1.23955 |
| Foxit | Pdf Editor | >= 14.0.0.33046, <= 14.0.1.33197 |
| Foxit | Pdf Editor | >= 2023.1.0.15510, <= 2023.3.0.23028 |
| Foxit | Pdf Editor | >= 2024.1.0.23997, <= 2024.4.1.27687 |
| Foxit | Pdf Editor | >= 2025.1.0.27937, <= 2025.2.1.33197 |
| Foxit | Pdf Reader | <= 2025.2.1.33197 |
| Foxit | Pdf Editor | <= 13.2.1.63315 |
| Foxit | Pdf Editor | >= 14.0.0.33046, <= 14.0.1.69005 |
| Foxit | Pdf Editor | >= 2023.1.0.15510, <= 2023.3.0.63083 |
| Foxit | Pdf Editor | >= 2024.1.0.23997, <= 2024.4.1.66479 |
| Foxit | Pdf Editor | >= 2025.1.0.27937, <= 2025.2.1.69005 |
| Foxit | Pdf Reader | <= 2025.2.1.69005 |
References
- https://www.foxit.com/support/security-bulletins.html (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
