Use-After-Free Vulnerability in PDF-XChange Editor
CVE-2024-8816

5.5MEDIUM

Key Information:

Vendor
PDF-xchange
Status
PDF-xchange Editor
PDF-tools
Vendor
CVE Published:
22 November 2024

Summary

A use-after-free vulnerability in the PDF-XChange Editor's U3D file parsing allows remote attackers to disclose sensitive information on vulnerable installations. This security flaw arises from insufficient validation of object existence before performing operations, leading to potential information exploitation. Typically, an attacker must trick users into visiting a malicious webpage or opening a compromised file to leverage this vulnerability, potentially paving the way for arbitrary code execution in the context of the current process.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1239/

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-8816 : Use-After-Free Vulnerability in PDF-XChange Editor | SecurityVulnerability.io