← All stories

Cisco Talos Intelligence

Foxit, LibRaw vulnerabilities

Kri Dontje · 2026-04-16 · Read original ↗

ATT&CK techniques detected

6 predictions

T1587.004Exploits

91%

"- 2026 - 2364 ( cve - 2026 - 20884 ) are integer overflow vulnerabilities. specially crafted malicious files can lead to heap buffer overflow in all cases. an attacker can provide a malicious file to trigger these vulnerabilities."

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1587.004Exploits

73%

"crafted javascript code inside a malicious pdf document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. an attacker needs to trick the user into opening the malicious file to trigger this vulnerability. libraw heap - bas…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1203Exploitation for Client Execution

67%

"crafted javascript code inside a malicious pdf document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. an attacker needs to trick the user into opening the malicious file to trigger this vulnerability. libraw heap - bas…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1204.002Malicious File

59%

"foxit, libraw vulnerabilities cisco talos ’ vulnerability discovery & research team recently disclosed one foxit reader vulnerability, and six libraw file reader vulnerabilities. the vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1204.002Malicious File

51%

"crafted javascript code inside a malicious pdf document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. an attacker needs to trick the user into opening the malicious file to trigger this vulnerability. libraw heap - bas…"

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1203Exploitation for Client Execution

41%

"- 2026 - 2364 ( cve - 2026 - 20884 ) are integer overflow vulnerabilities. specially crafted malicious files can lead to heap buffer overflow in all cases. an attacker can provide a malicious file to trigger these vulnerabilities."

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

For