
🎯 Basically, some software had security holes that could let bad guys run harmful code.
What Happened
Cisco Talos’ Vulnerability Discovery & Research team recently uncovered significant vulnerabilities in two popular software products: Foxit Reader and LibRaw. These vulnerabilities have been patched by their respective vendors, following Cisco's third-party vulnerability disclosure policy.
The Flaw
Foxit Reader Vulnerability
One of the vulnerabilities, identified as CVE-2026-3779, is a use-after-free vulnerability. This flaw occurs in the way Foxit Reader handles an Array object. If an attacker crafts a malicious PDF document containing specially designed JavaScript code, they can exploit this vulnerability, leading to memory corruption and potentially allowing arbitrary code execution.
LibRaw Vulnerabilities
In addition to the Foxit Reader flaw, six vulnerabilities were found in LibRaw, a library used for processing RAW image files. These include:
- Heap-based buffer overflow vulnerabilities: CVE-2026-20911, CVE-2026-21413, CVE-2026-20889, CVE-2026-24660
- Integer overflow vulnerabilities: CVE-2026-24450, CVE-2026-20884
These vulnerabilities can be triggered by specially crafted malicious files, making them a serious risk.
What's at Risk
The vulnerabilities in Foxit Reader could allow attackers to execute arbitrary code on the user's machine, potentially leading to unauthorized access and data breaches. The LibRaw vulnerabilities also pose risks, particularly for applications that rely on this library for processing images.
Patch Status
Both Foxit and LibRaw have released patches to address these vulnerabilities. Users are strongly advised to update their software to the latest versions to mitigate the risks associated with these flaws.
Immediate Actions
Containment
1. Update Software: Ensure that you are using the latest version of Foxit Reader and LibRaw.
2. Avoid Malicious Files: Be cautious of opening PDF documents or RAW files from untrusted sources.
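Because the Foxit Reader flaw is reached through JavaScript embedded in a PDF, a static check for JavaScript actions is a practical way to screen documents from untrusted sources before they are opened. The following is an added example, not code from Talos, Foxit or the original page; the function names, verdict labels and sample byte strings are constructed for illustration.

```python
import re
import sys

# Constructed sample inputs (not real malware, not from the advisory).
SAMPLE_CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_JS = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
             b"3 0 obj\n<< /S /JavaScript /JS (void 0;) >>\nendobj\n")
# Same action with hex-escaped name characters (#4A is "J", #53 is "S").
SAMPLE_ESCAPED = b"%PDF-1.7\n3 0 obj\n<< /S /#4AavaScript /J#53 (void 0;) >>\nendobj\n"
SAMPLE_OBJSTM = b"%PDF-1.7\n5 0 obj\n<< /Type /ObjStm /N 1 /First 4 >>\nendobj\n"

# A PDF name runs from "/" to the next whitespace or delimiter character.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
JS_NAMES = {b"JS", b"JavaScript"}      # keys/values that mark a JavaScript action
AUTO_NAMES = {b"OpenAction", b"AA"}    # actions that fire without a click


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /J#53 and /JS compare equal."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count JavaScript-related names in the uncompressed parts of a PDF."""
    names = [decode_name(m.group(1)) for m in _NAME.finditer(data)]
    js = sum(n in JS_NAMES for n in names)
    auto = sum(n in AUTO_NAMES for n in names)
    hidden = sum(n == b"ObjStm" for n in names)
    if js:
        verdict = "javascript"
    elif hidden:
        # Objects packed in compressed object streams are invisible to a
        # raw byte scan, so absence of /JS proves nothing here.
        verdict = "inconclusive"
    else:
        verdict = "no-javascript-seen"
    return {"javascript": js, "auto_action": auto,
            "object_streams": hidden, "verdict": verdict}


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage_pdf(fh.read()))
```

A raw byte scan can also match by chance inside compressed stream data, so treat a "javascript" or "inconclusive" verdict as a reason for closer inspection, not as proof of malice.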
Remediation
🔒 Pro insight: The use-after-free vulnerability in Foxit Reader is a reminder of the persistent risks associated with JavaScript in PDF files.




