Apr 16, 2026 • Kri Dontje
Foxit, LibRaw vulnerabilities
Executive Summary
Cisco Talos disclosed multiple vulnerabilities affecting Foxit Reader and the LibRaw library. Specifically, a use-after-free vulnerability was identified in Foxit Reader (CVE-2026-3779), allowing arbitrary code execution via specially crafted PDFs containing JavaScript. Additionally, six vulnerabilities were found in LibRaw, including heap-based buffer overflows and integer overflows, exploitable through malicious RAW image files. Successful exploitation could lead to memory corruption and arbitrary code execution on victim systems. Attackers require user interaction, such as tricking users into opening malicious files, to trigger these flaws. All identified vulnerabilities have been patched by the respective vendors in adherence to disclosure policies. Users are advised to update Foxit Reader, and any software that bundles or links LibRaw, immediately. Snort rules are available to detect exploitation attempts. These findings highlight the risk associated with processing untrusted document and image files in vulnerable software versions.
Summary
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
Published Analysis
Foxit use-after-free vulnerability
Discovered by KPC of Cisco Talos.
Foxit Reader allows users to view, edit, and sign PDF documents, among other features. Foxit aims to be one of the most feature-rich PDF readers on the market, and contains many functions similar to those of Adobe Acrobat Reader.
TALOS-2026-2365 (CVE-2026-3779) is a use-after-free vulnerability in the way Foxit Reader handles an Array object. Specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
LibRaw heap-based buffer overflow and integer overflow vulnerabilities
Discovered by Francesco Benvenuto of Cisco Talos.
LibRaw is a library and user interface for processing RAW file types and metadata created by digital cameras. Talos analysts found six vulnerabilities in LibRaw. TALOS-2026-2330 (CVE-2026-20911), TALOS-2026-2331 (CVE-2026-21413), TALOS-2026-2358 (CVE-2026-20889), and TALOS-2026-2359 (CVE-2026-24660) are heap-based buffer overflow vulnerabilities in LibRaw, and TALOS-2026-2363 (CVE-2026-24450) and TALOS-2026-2364 (CVE-2026-20884) are integer overflow vulnerabilities. Specially crafted malicious files can lead to a heap buffer overflow in all six cases, the integer overflows included. An attacker can provide a malicious file to trigger these vulnerabilities.
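The LibRaw findings above are heap-based buffer overflows, two of them reached through integer overflows in size arithmetic. The following is an added illustration of that bug class, written for this page and not taken from LibRaw or the Talos advisories: a constructed, toy "raw tile" header whose width * height * bytes-per-sample product wraps in 32-bit arithmetic, shown beside an overflow-checked version that also bounds the copy by the bytes actually present. The header layout, the function names, the sample headers and the 256 MiB cap are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, minimal header for an uncompressed "raw" tile: width and
 * height in pixels, bytes per sample, then width*height*bps bytes of pixel
 * data. A teaching stand-in, not any real camera format and not LibRaw. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bps;   /* bytes per sample; 1 or 2 for typical sensors */
} raw_hdr;

/* Vulnerable pattern: the product is computed in 32 bits and wraps, so a
 * crafted header yields a tiny malloc() size while a decode loop still
 * iterates over width*height samples and writes past the heap buffer.
 * Returned here for inspection only; never allocate from it. */
uint32_t raw_size_unchecked(const raw_hdr *h) {
    return h->width * h->height * h->bps;
}

/* Hardened form: overflow-checked multiplication in size_t, a cap on the
 * total size, and rejection of zero or absurd per-sample widths. Returns 1
 * and stores the size in *out on success, 0 on any failure. */
int raw_size_checked(const raw_hdr *h, size_t max_bytes, size_t *out) {
    size_t n;
    if (h->width == 0 || h->height == 0 || h->bps == 0 || h->bps > 8)
        return 0;
    if (__builtin_mul_overflow((size_t)h->width, (size_t)h->height, &n))
        return 0;
    if (__builtin_mul_overflow(n, (size_t)h->bps, &n))
        return 0;
    if (n > max_bytes)
        return 0;
    *out = n;
    return 1;
}

/* Convenience for callers that only need the number: 0 means rejected. */
size_t raw_size_or_zero(const raw_hdr *h, size_t max_bytes) {
    size_t n;
    return raw_size_checked(h, max_bytes, &n) ? n : 0;
}

/* Decode using the checked size and also bound the copy by the bytes
 * actually present, so a truncated file cannot cause an over-read.
 * Returns a malloc()'d buffer the caller frees, or NULL on rejection. */
unsigned char *decode_tile(const raw_hdr *h, const unsigned char *data,
                           size_t data_len, size_t max_bytes) {
    size_t n;
    if (!raw_size_checked(h, max_bytes, &n))
        return NULL;
    if (data_len < n)            /* file shorter than the header claims */
        return NULL;
    unsigned char *pixels = malloc(n);
    if (!pixels)
        return NULL;
    memcpy(pixels, data, n);
    return pixels;
}

/* Crafted header, constructed for this example: 65536 x 65537 x 1 byte is
 * 4,295,032,832 bytes, but the 32-bit product wraps to 65536. */
static const raw_hdr crafted = { 65536u, 65537u, 1u };

/* Benign 4 x 4 tile with 2-byte samples: 32 bytes of constructed pixels. */
static const raw_hdr benign = { 4u, 4u, 2u };
static const unsigned char benign_pixels[32] = { 0xAB, 0xCD };

#define MAX_TILE_BYTES ((size_t)256 << 20)   /* 256 MiB sanity cap (assumed) */

int main(void) {
    printf("unchecked size for crafted header: %u (wrapped)\n",
           raw_size_unchecked(&crafted));
    printf("checked size for crafted header: %zu (0 = rejected)\n",
           raw_size_or_zero(&crafted, MAX_TILE_BYTES));
    unsigned char *p = decode_tile(&benign, benign_pixels,
                                   sizeof benign_pixels, MAX_TILE_BYTES);
    printf("benign tile decoded: %s\n", p ? "yes" : "no");
    free(p);
    return 0;
}
```

The crafted header passes the unchecked computation with a 65536-byte allocation that a sample-by-sample decode loop would overrun; the checked path rejects it on the size cap (or on the multiplication itself where size_t is 32 bits), while the benign header decodes normally. The same two checks, overflow-safe multiplication and a bound on the bytes actually available, are what a reviewer should look for wherever an image parser derives an allocation size from file-controlled dimensions.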
Linked Entities
- CVE-2026-20884
- CVE-2026-20889
- CVE-2026-20911
- CVE-2026-21413
- CVE-2026-24450
- CVE-2026-24660
- CVE-2026-3779