CVE-2019-14215

Vulnerability

A wild pointer access vulnerability exists in Foxit PhantomPDF before version 8.3.11. The issue occurs in the xfa.event.rest XFA JavaScript method, where improper memory management leads to dereferencing a dangling or otherwise invalid pointer. This affects Foxit PhantomPDF (now Foxit PDF Editor) versions prior to 8.3.11 on Windows. [1]

Exploitation

An attacker can trigger this vulnerability by convincing a user to open a specially crafted PDF file containing malicious XFA JavaScript. No authentication or special network position is required beyond delivering the file to the victim. Upon the user opening the file, the JavaScript code calls xfa.event.rest, which accesses the wild pointer and causes the application to crash. [1]

Impact

Successful exploitation results in a denial of service: the Foxit PhantomPDF application crashes. The crash may lead to loss of unsaved work and user frustration, but there is no evidence of code execution or data exfiltration from the available references. [1]

Mitigation

The vulnerability is fixed in Foxit PhantomPDF version 8.3.11. Users should update to this version or later. As per Foxit's security bulletin, updating to the latest version of Foxit PDF Editor (such as 2026.1.1/14.0.4) also addresses the issue. No workaround is documented. [1]