Out-Of-Bounds Read Vulnerability in PDF-XChange Editor
CVE-2024-8819

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 22 November 2024

Summary

A vulnerability in PDF-XChange Editor arises during the parsing of U3D files. The flaw results from insufficient validation of user-supplied data, which can lead to a read past the end of an allocated buffer. This allows remote attackers to potentially disclose sensitive information from installations of the affected software. Exploitation requires user interaction: the target must interact with a malicious webpage or document. Attackers may combine this vulnerability with other exploits to execute arbitrary code in the context of the current application process. For more detailed information, refer to ZDI-24-1242.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published