CVE-2019-14214
Description
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit PhantomPDF before 8.3.10 is vulnerable to a JavaScript denial of service when deleting the only page in a document via the 't.hidden = true' function.
Vulnerability
An issue in Foxit PhantomPDF prior to version 8.3.10 allows a denial of service via JavaScript. When a document contains only one page, calling the function t.hidden = true during page deletion causes the application to become unresponsive or crash. All versions before 8.3.10 are affected [1].
Exploitation
An attacker must craft a PDF that triggers the vulnerable JavaScript code. The victim must open the malicious PDF and attempt to delete the single page. No special network position or authentication is required; the attack relies on user interaction. The sequence involves the PDF executing t.hidden = true on the only page, followed by a delete action, leading to the denial of service.
Impact
Successful exploitation results in a denial of service: the Foxit PhantomPDF application hangs or crashes, impacting availability. No data disclosure, modification, or code execution is reported.
Mitigation
Foxit addressed this vulnerability in PhantomPDF version 8.3.10. Users should update to this version or later. No workaround is documented in the available references [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Foxit/PhantomPDFdescription
- Range: <8.3.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.