{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3776", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "state": "PUBLISHED", "assignerShortName": "Foxit", "dateReserved": "2026-03-08T03:43:23.264Z", "datePublished": "2026-04-01T01:40:35.260Z", "dateUpdated": "2026-04-02T02:12:28.499Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-02T02:12:28.499Z"}, "title": "Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL pointer dereference", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "platforms": ["Windows", "MacOS"], "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}, {"status": "affected", "version": "Versions 14.0.2 and earlier"}, {"status": "affected", "version": "Versions 13.2.2 and earlier"}], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "platforms": ["Windows", "MacOS"], "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."}]}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "credits": [{"lang": "en", "value": "Suyue Guo from UCSB Seclab", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T14:16:53.743286Z", "id": "CVE-2026-3776", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T15:50:55.555Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3776", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T14:16:53.743286Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:17:15.666Z"}}], "cna": {"title": "Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Suyue Guo from UCSB Seclab"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Foxit Software Inc.", "product": "Foxit PDF Editor", "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}, {"status": "affected", "version": "Versions 14.0.2 and earlier"}, {"status": "affected", "version": "Versions 13.2.2 and earlier"}], "platforms": ["Windows", "MacOS"], "defaultStatus": "unaffected"}, {"vendor": "Foxit Software Inc.", "product": "Foxit PDF Reader", "versions": [{"status": "affected", "version": "Versions 2025.3 and earlier"}], "platforms": ["Windows", "MacOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.foxit.com/support/security-bulletins.html"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.", "supportingMedia": [{"type": "text/html", "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL pointer dereference"}]}], "providerMetadata": {"orgId": "14984358-7092-470d-8f34-ade47a7658a2", "shortName": "Foxit", "dateUpdated": "2026-04-02T02:12:28.499Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3776", "state": "PUBLISHED", "dateUpdated": "2026-04-02T02:12:28.499Z", "dateReserved": "2026-03-08T03:43:23.264Z", "assignerOrgId": "14984358-7092-470d-8f34-ade47a7658a2", "datePublished": "2026-04-01T01:40:35.260Z", "assignerShortName": "Foxit"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E9FD877-062E-4AE4-B7D7-91E1CA8657DF", "versionEndIncluding": "13.2.2.24014", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B7281CC-97ED-4441-BB97-6C73E328B9AD", "versionEndIncluding": "14.0.2.33402", "versionStartIncluding": "14.0.0.33046", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C75FEE6-54F3-49C6-BAEA-A09D23BE5D64", "versionEndIncluding": "2023.3.0.23028", "versionStartIncluding": "2023.1.0.15510", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C06BC41-9831-4AE3-B10B-3FC313D01580", "versionEndIncluding": "2024.4.1.27687", "versionStartIncluding": "2024.1.0.23997", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD0AAFC0-5B9B-4A11-8967-4699792850F1", "versionEndIncluding": "2025.3.0.35737", "versionStartIncluding": "2025.1.0.27937", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A7AD877-2AB4-4568-8109-5406D2259725", "versionEndIncluding": "2025.3.0.35737", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C7DEE55-1FE3-4B41-975D-BB926E9E69D4", "versionEndIncluding": "13.2.2.63349", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D6DE6B5-F04E-4484-9BF9-397D49464636", "versionEndIncluding": "14.0.2.69164", "versionStartIncluding": "14.0.0.68868", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8785CCE-C44C-4908-9133-13A580D5BECB", "versionEndIncluding": "2023.3.0.63083", "versionStartIncluding": "2023.1.0.55583", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF043D20-0E28-481C-8756-D1301FAE67D2", "versionEndIncluding": "2024.4.1.66479", "versionStartIncluding": "2024.1.0.63682", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "20698FD4-5E28-4206-ACEA-4FCD24AD23BE", "versionEndIncluding": "2025.3.0.69570", "versionStartIncluding": "2025.1.0.66692", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "308530A9-A5C2-4293-BB02-00DDB6C17C37", "versionEndIncluding": "2025.3.0.69570", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service."}, {"lang": "es", "value": "La aplicaci\u00f3n no valida la presencia de los datos de apariencia (AP) requeridos antes de acceder a los recursos de anotaci\u00f3n de sello. Cuando un PDF contiene una anotaci\u00f3n de sello a la que le falta su entrada AP, el c\u00f3digo contin\u00faa desreferenciando el objeto asociado sin una comprobaci\u00f3n previa de nulidad o validez, lo que permite que un documento manipulado active una desreferencia de puntero nulo y bloquee la aplicaci\u00f3n, lo que resulta en denegaci\u00f3n de servicio."}], "id": "CVE-2026-3776", "lastModified": "2026-04-14T17:55:57.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}, "published": "2026-04-01T02:16:02.590", "references": [{"source": "14984358-7092-470d-8f34-ade47a7658a2", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "14984358-7092-470d-8f34-ade47a7658a2", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "14984358-7092-470d-8f34-ade47a7658a2", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.3]"}}, {"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.0.2]"}}, {"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,13.2.2]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Editor", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_pdf_editor", "vendor": "foxitsoftware"}, {"configurations": [{"platform": ["windows", "macos"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,2025.3]"}}], "enrichment": {"confidence": 91.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 91.0, "source": "matching"}]}, "original": {"product": "Foxit PDF Reader", "source": "cna", "vendor": "Foxit Software Inc."}, "product": "foxit_reader", "vendor": "foxitsoftware"}], "analysis": {"en": {"generated_at": "2026-04-14T21:07:00.731408+00:00", "value": {"mitigation_remediation": ["Update Foxit PDF Editor or Reader to the latest version that includes the fix.", "Verify that the update is installed on all devices running the application.", "If an update is not yet available, restrict opening of PDFs from untrusted sources until the patch is applied."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Products affected are Foxit PDF Editor and Foxit PDF Reader across platforms supported by the application, including macOS and Windows. No specific version information is provided, so all current releases should be checked for updates.", "description_and_impact": "Foxit PDF Editor and Reader contain a null pointer dereference when processing stamp annotations that lack required appearance data. A crafted PDF document can trigger the application to crash, leading to a denial of service for the affected user.", "risk_and_exploitability": "The vulnerability has a CVSS score of 5.5, indicating moderate severity, and an EPSS score of less than 1 percent, suggesting a low likelihood of exploitation in the wild. It is not listed in the CISA KEV catalog. Attackers could exploit it by creating and opening a malicious PDF file, typically from a user\u2019s local environment or from an untrusted source. The impact is limited to application crashes without privilege escalation or data theft."}}}}, "created": "2026-04-02T07:50:22.228096+00:00", "updated": "2026-04-15T16:45:09.770924+00:00", "vendors": ["foxitsoftware", "foxitsoftware$PRODUCT$foxit_pdf_editor", "foxitsoftware$PRODUCT$foxit_reader"]}