CVE-2019-14212
Description
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit PhantomPDF before 8.3.11 crashes via NULL pointer dereference when calling certain XFA JavaScript.
Vulnerability
Foxit PhantomPDF before version 8.3.11 is vulnerable to a denial-of-service condition due to a NULL pointer dereference. The flaw occurs when the application processes certain XFA JavaScript, as it fails to validate an object before accessing or using it, leading to a crash. [1]
Exploitation
An attacker can exploit this vulnerability by crafting a malicious PDF document that includes specially crafted XFA JavaScript. No user authentication is required beyond opening the PDF; the attack succeeds if a user opens the document with an affected version of Foxit PhantomPDF. [1]
Impact
Successful exploitation causes the application to crash, resulting in a denial of service. There is no evidence of remote code execution or other impacts documented in the available references. [1]
Mitigation
Users should upgrade to Foxit PhantomPDF version 8.3.11 or later, which fixes the issue. Foxit Software provides security updates through their security bulletins page. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Foxit/PhantomPDFdescription
- Range: < 8.3.11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/109313mitrevdb-entryx_refsource_BID
- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.