CVE-2019-14207
Description
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object (caused by an append error).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit PhantomPDF before 8.3.11 crashes due to an endless loop from a child-parent object confusion caused by an append error.
Vulnerability
An issue was discovered in Foxit PhantomPDF before version 8.3.11. The application crashes when calling the clone function due to an endless loop resulting from confusing relationships between a child and parent object, caused by an append error. [1]
Exploitation
An attacker would need to craft a malicious PDF that triggers the clone function with a specific object structure that causes the append error. The user must open the PDF in an affected version. No authentication or special privileges are required beyond opening the file.
Impact
Successful exploitation leads to a denial of service (application crash). The endless loop consumes resources, causing the application to become unresponsive. No code execution or data disclosure is indicated.
Mitigation
Foxit released PhantomPDF version 8.3.11 which fixes this issue. Users should update to 8.3.11 or later. [1] No workaround is documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Foxit/PhantomPDFdescription
- Range: <8.3.11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/109314mitrevdb-entryx_refsource_BID
- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.