Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
Weakness
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pdf_editor | Foxit | * | 13.2.0.63256 (including) |
| Pdf_editor | Foxit | 2023.1.0.55583 (including) | 2023.3.0.63083 (including) |
| Pdf_editor | Foxit | 2024.1.0.63682 (including) | 2024.4.1.66479 (including) |
| Pdf_editor | Foxit | 14.0.0.68868 (including) | 14.0.0.68868 (including) |
| Pdf_editor | Foxit | 2025.1.0.66692 (including) | 2025.1.0.66692 (including) |
| Pdf_editor | Foxit | 2025.2.0.68868 (including) | 2025.2.0.68868 (including) |
| Pdf_reader | Foxit | * | 2025.2.0.68868 (including) |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/21.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/459.html
- https://cwe.mitre.org/data/definitions/461.html
- https://cwe.mitre.org/data/definitions/473.html
- https://cwe.mitre.org/data/definitions/476.html
- https://cwe.mitre.org/data/definitions/59.html
- https://cwe.mitre.org/data/definitions/60.html
- https://cwe.mitre.org/data/definitions/667.html
- https://cwe.mitre.org/data/definitions/94.html