CVE-2019-20816
Description
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit PhantomPDF before 8.3.12 has a NULL pointer dereference during file parsing, enabling denial of service via crafted PDF.
Vulnerability
A NULL pointer dereference occurs in Foxit PhantomPDF (now Foxit PDF Editor) versions prior to 8.3.12 when parsing specially crafted PDF file data. The vulnerability is triggered during the handling of specific file structures without proper validation, leading to a null pointer access.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious PDF file that triggers the NULL pointer dereference. The victim must open the file using an affected version of Foxit PhantomPDF. No additional privileges or user interaction beyond opening the file are required.
Impact
Successful exploitation results in a denial of service condition, as the NULL pointer dereference causes the application to crash. There is no evidence of memory corruption or code execution based on available information.
Mitigation
Foxit addressed this vulnerability in version 8.3.12 of PhantomPDF. Users should upgrade to this version or later. The fix is available from the official Foxit website [1]. No workaround exists for unpatched versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Foxit/PhantomPDFdescription
- Range: <8.3.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.foxitsoftware.com/support/security-bulletins.phpmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.