Information Disclosure Vulnerability in PDF-XChange Editor
CVE-2024-8820

5.5MEDIUM

Key Information:

Vendor: PDF-xchange
Status: PDF-xchange Editor; PDF-tools
Vendor: CVE Published:; 22 November 2024

Summary

An information disclosure vulnerability exists within the PDF-XChange Editor related to the parsing of U3D files. This flaw stems from inadequate validation of user-supplied data, leading to the potential for reading beyond the end of an allocated buffer. Remote attackers may exploit this vulnerability by enticing a user to visit a malicious webpage or open a crafted file, enabling the leakage of sensitive data from affected installations. Furthermore, this vulnerability can be exploited in conjunction with other weaknesses to execute arbitrary code within the context of the current process.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1243/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024