CVE-2019-14208
Description
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit PhantomPDF before 8.3.10 crashes due to a NULL pointer dereference when parsing a PDF with a null dictionary.
Vulnerability
Foxit PhantomPDF versions prior to 8.3.10 contain a NULL pointer dereference vulnerability. The crash occurs when the application retrieves a PDF object from a document or parses a portfolio that includes a null dictionary. This is triggered by malformed PDF content that lacks a valid dictionary entry, leading to a null pointer access [1].
Exploitation
An attacker can exploit this issue by convincing a user to open a specially crafted PDF document or portfolio using Foxit PhantomPDF. No special network position or authentication is required beyond sending the file to the victim and waiting for them to open it in the vulnerable software [1].
Impact
Successful exploitation causes a denial of service through application crash due to the NULL pointer dereference. The vulnerability does not lead to arbitrary code execution or data disclosure based on available information [1].
Mitigation
The vulnerability is fixed in Foxit PhantomPDF version 8.3.10. Users should update to this version or later to prevent the crash. No workaround has been disclosed, and the software is not listed on the KEV [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Foxit/PhantomPDFdescription
- Range: <8.3.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.