Memory Corruption Vulnerability in PDF-XChange Editor
CVE-2024-8815

7.8HIGH

Key Information:

Vendor: PDF-xchange
Status: PDF-xchange Editor; PDF-tools
Vendor: CVE Published:; 22 November 2024

Summary

This vulnerability in PDF-XChange Editor arises from improper validation of user-supplied data during the parsing of U3D files, leading to memory corruption. An attacker can exploit this flaw to execute arbitrary code within the context of the affected application's process. Exploitation requires user interaction, such as opening a malicious file or visiting a compromised webpage, putting users at risk if proper precautions are not taken. The issue has been documented in ZDI-CAN-24210.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1238/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024