Concise Cyber


Cisco Talos Discloses Foxit Reader Use-After-Free and Six LibRaw Vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed multiple issues affecting Foxit Reader and LibRaw. The findings include one Foxit Reader use-after-free vulnerability and six vulnerabilities in the LibRaw file-processing library. According to Talos, the vendors have already patched the issues in line with Cisco’s third-party vulnerability disclosure policy.

Foxit Reader vulnerability details

Talos said the Foxit Reader issue, tracked as TALOS-2026-2365 and CVE-2026-3779, is a use-after-free vulnerability affecting the way the application handles an Array object. Foxit Reader is a PDF reader used to view, edit, and sign documents, and it includes features similar to those found in other full-featured PDF tools.

The vulnerability can be triggered by specially crafted JavaScript code embedded in a malicious PDF document. If exploited, it may cause memory corruption and could lead to arbitrary code execution. An attacker would need to convince a user to open the malicious file for the attack to work.

LibRaw vulnerabilities discovered by Talos

Talos researcher Francesco Benvenuto identified six vulnerabilities in LibRaw, a library and user interface used to process RAW image files and metadata from digital cameras. The issues include both heap-based buffer overflows and integer overflows.

  • TALOS-2026-2330 (CVE-2026-20911) — heap-based buffer overflow
  • TALOS-2026-2331 (CVE-2026-21413) — heap-based buffer overflow
  • TALOS-2026-2358 (CVE-2026-20889) — heap-based buffer overflow
  • TALOS-2026-2359 (CVE-2026-24660) — heap-based buffer overflow
  • TALOS-2026-2363 (CVE-2026-24450) — integer overflow
  • TALOS-2026-2364 (CVE-2026-20884) — integer overflow

In all six cases, Talos said, a specially crafted malicious file can trigger a heap buffer overflow condition; an attacker only needs to get such a file processed by an application that uses the library to attempt exploitation.
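The integer-overflow and heap-overflow classes listed above are usually two ends of one chain in image decoders: a buffer size is computed from attacker-controlled header fields, the multiplication wraps, the allocation comes out far too small, and the decode loop then writes the full image into it. The C example below is added here to illustrate that pattern and the checked form that prevents it. It is not LibRaw's code and does not reproduce any of the listed bugs; it uses a hypothetical 12-byte header format (width, height, bytes per pixel as little-endian uint32), a made-up size limit MAX_IMAGE_BYTES, and two constructed sample headers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound on a decoded image (1 GiB). A real decoder
   picks a limit that matches the sensor sizes it supports. */
#define MAX_IMAGE_BYTES (1024ULL * 1024ULL * 1024ULL)

/* Hypothetical 12-byte header; a constructed format, not LibRaw's. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
} image_header_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the header from the start of a file buffer; fails on short input. */
bool parse_header(const uint8_t *buf, size_t len, image_header_t *out) {
    if (len < 12) return false;
    out->width = read_le32(buf);
    out->height = read_le32(buf + 4);
    out->bytes_per_pixel = read_le32(buf + 8);
    return true;
}

/* The bug pattern: the allocation size is computed in 32-bit arithmetic,
   so large header dimensions wrap to a small number. A decode loop that
   later writes width*height*bpp bytes overflows the heap buffer. */
uint32_t unchecked_buffer_size(const image_header_t *h) {
    return h->width * h->height * h->bytes_per_pixel;
}

/* The number of bytes a decoder would really write, computed without wrapping. */
uint64_t bytes_needed(const image_header_t *h) {
    return (uint64_t)h->width * (uint64_t)h->height * (uint64_t)h->bytes_per_pixel;
}

/* Hardened version: overflow-checked multiplication plus a sanity limit. */
bool checked_buffer_size(const image_header_t *h, size_t *out) {
    uint64_t tmp;
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0) return false;
    if (__builtin_mul_overflow((uint64_t)h->width, (uint64_t)h->height, &tmp)) return false;
    if (__builtin_mul_overflow(tmp, (uint64_t)h->bytes_per_pixel, &tmp)) return false;
    if (tmp > MAX_IMAGE_BYTES || tmp > (uint64_t)SIZE_MAX) return false;
    *out = (size_t)tmp;
    return true;
}

/* Allocate the pixel buffer only when the size survives the checks.
   Returns NULL and sets *size to 0 for any header that would overflow. */
uint8_t *alloc_pixels_checked(const image_header_t *h, size_t *size) {
    *size = 0;
    if (!checked_buffer_size(h, size)) return NULL;
    uint8_t *buf = calloc(*size, 1);
    if (!buf) *size = 0;
    return buf;
}

/* Constructed sample headers (little-endian); not taken from any real file. */
/* 640 x 480 x 3 bytes: a plausible image, 921600 bytes. */
const uint8_t SANE_FILE[12] = { 0x80, 0x02, 0, 0, 0xE0, 0x01, 0, 0, 3, 0, 0, 0 };
/* 65536 x 65537 x 1: the product is 2^32 + 65536, which wraps to 65536 in 32 bits. */
const uint8_t CRAFTED_FILE[12] = { 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0 };

int main(void) {
    image_header_t h;
    size_t n;
    parse_header(CRAFTED_FILE, sizeof CRAFTED_FILE, &h);
    printf("crafted: unchecked alloc %u bytes, decoder writes %llu bytes, checked path: %s\n",
           unchecked_buffer_size(&h), (unsigned long long)bytes_needed(&h),
           checked_buffer_size(&h, &n) ? "accepted" : "rejected");
    parse_header(SANE_FILE, sizeof SANE_FILE, &h);
    uint8_t *px = alloc_pixels_checked(&h, &n);
    printf("sane: %zu bytes %s\n", n, px ? "allocated" : "rejected");
    free(px);
    return 0;
}
```

The crafted header shows why the two bug classes appear together in the advisory list: the 32-bit product wraps to 65536 while the decoder expects to write just over 4 GiB, so the undersized allocation turns into a heap overflow at the first write past 64 KiB. The checked path rejects the same header before any allocation happens, which is the fix a maintainer would apply regardless of which file format triggered it.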

Vendor patching and detection guidance

Talos stated that the vulnerabilities described in the blog post have been patched by their respective vendors. The disclosure follows Cisco’s third-party vulnerability disclosure policy.

For organizations looking for network-based detection coverage related to these issues, Talos recommends downloading the latest rule sets from Snort.org. Talos also notes that its latest Vulnerability Advisories are available on the Talos Intelligence website.

Why these findings matter

The Foxit and LibRaw disclosures highlight how crafted documents and image files can expose applications and libraries to memory corruption risks. In both products, the attack path begins with a malicious file provided to a user or system.

Keeping software updated and using available detection content can help reduce exposure to these recently disclosed vulnerabilities.

In short, Cisco Talos has disclosed one Foxit Reader flaw and six LibRaw issues, all of which have been patched by the vendors. Users and administrators should ensure they are running updated versions and apply available security controls.

All articles are written here with the help of AI on the basis of openly available information which cannot be independently verified. We do strive to quote the relevant sources. The intent is only to summarise what is already reported in public forums in our own words, with no intention to plagiarise or copy other persons’ work. The publisher has no intent to defame or cause offence to anyone, any person or any organisation at any moment. The publisher assumes no responsibility for any damage or loss caused by making decisions on the basis of whatever is published on cyberconcise.com. You’re advised to do your own checks and balances before making any decision, and owners and publishers at cyberconcise.com cannot be held accountable for its resulting ramifications. If you have any objections or concerns, or wish to point out anything factually incorrect, please reach out using the form on https://concisecyber.com/about/
