The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image.
https://www.foxitsoftware.com/support/security-bulletins.php
http://www.zerodayinitiative.com/advisories/ZDI-16-218