{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-66499","assignerOrgId":"14984358-7092-470d-8f34-ade47a7658a2","state":"PUBLISHED","assignerShortName":"Foxit","dateReserved":"2025-12-03T01:33:55.298Z","datePublished":"2025-12-19T07:11:50.238Z","dateUpdated":"2025-12-19T17:16:14.030Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","MacOS"],"product":"Foxit PDF Reader","vendor":"Foxit Software Inc.","versions":[{"status":"affected","version":"Versions 2025.2.1 and earlier"},{"status":"affected","version":"Versions 14.0.1 and earlier"},{"status":"affected","version":"Versions 13.2.1 and earlier"}]},{"defaultStatus":"unaffected","platforms":["Windows","MacOS"],"product":"Foxit PDF Editor","vendor":"Foxit Software Inc.","versions":[{"status":"affected","version":"Versions 2025.2.1 and earlier"},{"status":"affected","version":"Versions 14.0.1 and earlier"},{"status":"affected","version":"Versions 13.2.1 and earlier"}]}],"credits":[{"lang":"en","type":"finder","value":"Anonymous working with Trend Micro Zero Day Initiative"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A heap-based buffer overflow vulnerability exists in the <strong>PDF parsing of Foxit PDF Reader</strong> when processing <strong>specially crafted JBIG2 data</strong>. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a <strong>remote attacker to execute arbitrary code</strong>."}],"value":"A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. \nAn integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code."}],"impacts":[{"descriptions":[{"lang":"en","value":"Potential arbitrary code execution"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190 Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"14984358-7092-470d-8f34-ade47a7658a2","shortName":"Foxit","dateUpdated":"2025-12-19T07:11:50.238Z"},"references":[{"url":"https://www.foxit.com/support/security-bulletins.html"}],"source":{"discovery":"UNKNOWN"},"title":"Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-19T17:15:51.634690Z","id":"CVE-2025-66499","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-19T17:16:14.030Z"}}]}}