CVE-2019-20815
Description
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit PhantomPDF before 8.3.12 is vulnerable to denial of service via stack consumption from nested XML function calls.
Vulnerability
Foxit PhantomPDF versions prior to 8.3.12 are affected by a stack consumption vulnerability during XML parsing. The issue arises from nested function calls that can exhaust stack memory. [1]
Exploitation
An attacker can exploit this by crafting a malicious PDF with deeply nested XML content that triggers the stack consumption when opened in the vulnerable software. No authentication or special privileges are required beyond the user opening the file.
Impact
Successful exploitation leads to a denial of service condition, as the application crashes due to stack exhaustion. The attacker does not gain code execution or data access.
Mitigation
Foxit has released version 8.3.12 which addresses this issue. Users should upgrade to the latest version as indicated in Foxit's security bulletins. [1] No workaround is documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Foxit/PhantomPDFdescription
- Range: < 8.3.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.