
PDF-XChange Editor importDataObject() Denial of Service Vulnerability

CVE Number: CVE-2025-64085
Vendor: PDF-XChange
Credit: Lee Kwang Hui

Description

In PDF-XChange Editor 10.7.2.400, an Access Violation occurs when the `this.importDataObject` method is invoked. If a user opens a maliciously crafted PDF file, the application terminates immediately, resulting in a Denial-of-Service condition.

Details

The instruction at which the vulnerability occurs is as follows:

(591c.504c): Access violation - code c0000005 (!!! second chance !!!)
PDFXEditCore_x64!PXV_GetInstance+0x668664:
00007fff`be028964 488b07          mov     rax,qword ptr [rdi] ds:00000000`00000000=????????????????

This issue occurs when the second argument of `importDataObject(name, pathOrUrl)` contains either a URI scheme or a path that includes a single backslash. If the argument contains a colon (`:`), the internal scheme-validation logic is invoked. When unsupported or untrusted schemes such as `about:` or `javascript:` are supplied, or when `this.URL` is passed, the scheme parser returns an `ERROR_OBJECT`, which subsequently leads to a null pointer dereference.

In the case of a path containing a single backslash (e.g., `"C:\test.txt"`), JavaScript string-escaping corrupts the path, causing the file-open operation to fail and again resulting in an `ERROR_OBJECT` that triggers a null pointer dereference. Notably, when `this.URL` is used as the second argument, the application terminates immediately without requiring any user interaction.
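
A triage sketch for the conditions described above, added here as an example and not part of the original advisory or the vendor's code: it scans JavaScript already extracted from a PDF for `importDataObject` calls whose second argument is `this.URL`, contains a colon, or contains an unpaired backslash. The names `scan`, `classify` and the sample script are hypothetical, and calls whose arguments are arbitrary expressions are assumed out of scope and are not matched.

```python
import re

DQ = r'"(?:\\.|[^"\\])*"'          # double-quoted literal, escapes kept raw
SQ = r"'(?:\\.|[^'\\])*'"          # single-quoted literal, escapes kept raw
ARG = rf"(?:{DQ}|{SQ}|[\w.$]+)"    # string literal or dotted identifier
# Captures the second argument; a third argument may follow it.
CALL_RE = re.compile(rf"\bimportDataObject\s*\(\s*{ARG}\s*,\s*({ARG})\s*[,)]")

def classify(arg):
    """Reasons the second argument matches a condition the advisory names."""
    if arg == "this.URL":
        return ["this.URL"]
    reasons = []
    if len(arg) >= 2 and arg[0] in "\"'" and arg[-1] == arg[0]:
        body = arg[1:-1]            # raw source text, escapes not decoded
        if ":" in body:             # reaches the scheme-validation logic
            reasons.append("colon")
        # An odd-length run of backslashes leaves one unpaired, so the
        # JavaScript parser consumes it as an escape and alters the path.
        if any(len(run) % 2 for run in re.findall(r"\\+", body)):
            reasons.append("single-backslash")
    return reasons

def scan(js):
    """Return (line, second argument, reasons) for each flagged call."""
    hits = []
    for m in CALL_RE.finditer(js):
        reasons = classify(m.group(1))
        if reasons:
            line = js.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), reasons))
    return hits

# Constructed sample: script text as it would look after extraction from a PDF.
SAMPLE = r'''
this.importDataObject("a", this.URL);
this.importDataObject("b", "about:blank");
this.importDataObject("c", "C:\test.txt");
this.importDataObject("d", "/c/docs/report.txt");
this.importDataObject("e");
'''

if __name__ == "__main__":
    for line, arg, reasons in scan(SAMPLE):
        print(f"line {line}: {arg} -> {', '.join(reasons)}")
```

The scan only sees script text that has already been decoded, so compressed or encoded streams need to be expanded by a PDF parsing tool first.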

Timeline

2025-10-19 - Vulnerability reported to Vendor

- Vendor Patch Release