Adobe Acrobat crashes when processing malicious PDFs with loops

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.2

Adobe Acrobat crashes when processing malicious PDFs with loops

CVE-2026-3778

Summary

Adobe Acrobat can crash when processing certain PDF files with a specific type of loop. This can happen if attackers craft a PDF with malicious JavaScript code that refers to itself in a loop. To stay safe, update Adobe Acrobat to the latest version or avoid opening suspicious PDFs.

Original title

Original description

The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes.

nvd CVSS3.1 6.2

Vulnerability type

CWE-674

https://www.foxit.com/support/security-bulletins.html

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026