Is this a flaw in the Adobe rendering engine or the PDF file format itself?
If I use (say) FoxIt to view PDFs am I vulnerable?
It's kind of not possible for a file format to have a vulnerability. If you're working from a spec., then whatever language you implement it in will have different ways to handle things.
If you're using an unmanaged language like C and implementing something like a "title" field in a file header that in the spec. may only be up to 255 characters (or whatever), then it's up to you to make sure that you check the size, etc., and ensure that you don't allow a buffer overflow, etc. Perhaps you need to null terminate it. Perhaps there's another mechanism for that like delimiters. Those considerations mostly apply to reading as if you're writing a file nothing really matters, and if you're a virus writer, it's the reader application that you want to exploit by injecting code (or whatever).
So if you are reading a file and encounter a title field in a file header that is 4,582 bytes long before you encounter a null termination, then you've got to discard everything after the 255th byte, or you need to do some kind of error checking. etc. etc. etc.
It is possible for there to be a flaw in the spec., but that's a different question entirely. Most exploits are for implementations.
The obvious example of a 'flawed spec.' is Windows 9x. It was designed as a stand-alone personal computer, and not a network computer. Once it became connected to untrusted networks, the problems became painfully apparent. That of course is all debatable, but should kind of point out the difference somewhat.