CVE-2019-14209
Description
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap corruption in Foxit PhantomPDF before 8.3.10 due to data desynchrony when adding AcroForm.
Vulnerability
In Foxit PhantomPDF (a PDF editor) prior to version 8.3.10, a data desynchrony issue occurs when adding an AcroForm. This leads to heap corruption when processing malformed form fields. The vulnerability is reachable when a user opens a crafted PDF file [1].
Exploitation
An attacker can exploit this by creating a malicious PDF with a specially crafted AcroForm that triggers the data desynchrony. No authentication or special privileges are required; the only precondition is user interaction, since the user needs to open the document in the affected application.
Impact
Successful exploitation results in heap corruption, which can lead to arbitrary code execution or denial of service. The attacker could potentially crash the application or execute arbitrary code in the context of the current user, leading to full compromise of the user's system.
Mitigation
Foxit has addressed this issue in Foxit PhantomPDF version 8.3.10 [1]. Users are advised to upgrade to this version or later. No other workarounds are currently available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Foxit/PhantomPDF
  - Range: <8.3.10
Patches
No patches discovered yet.
References
- www.foxitsoftware.com/support/security-bulletins.php (mitre, x_refsource_MISC)