Out-Of-Bounds Read Vulnerability in PDF-XChange Editor
CVE-2024-8824

5.5MEDIUM

Key Information:

Vendor: PDF-xchange
Status: PDF-xchange Editor; PDF-tools
Vendor: CVE Published:; 22 November 2024

Summary

An information disclosure vulnerability exists in PDF-XChange Editor due to improper validation when parsing JB2 files. This flaw can lead to an out-of-bounds read, enabling attackers to exploit the vulnerability provided that the user opens a malicious file or visits a compromised webpage. An attacker could potentially gather sensitive information from the affected installations, and in conjunction with other vulnerabilities, could facilitate arbitrary code execution in the context of the running process.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1247/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024