This vulnerability is an instance of a use after free vulnerability in XFA module, related to choiceList element. The vulnerability is triggered by a crafted PDF file that contains choiceList element that subsequently leads to creation of invalid widget object. It can trigger access violation exception in Acrobat’s XFA engine because of a dangling reference left as a consequence of freeing an internal representation of choiceList XFA element. |