Information Disclosure Vulnerability in PDF-XChange Editor
CVE-2024-8832

5.5 MEDIUM

Key Information:

Vendor
CVE Published: 22 November 2024

What is CVE-2024-8832?

CVE-2024-8832 is an information disclosure vulnerability in PDF-XChange Editor caused by improper validation of user-supplied data during EMF file parsing. Because that data is not properly validated, parsing a crafted EMF file can result in a read beyond the bounds of allocated memory, which lets an attacker access sensitive information held by affected instances of the application. Exploitation requires user interaction: the target must either visit a malicious webpage or open a malicious EMF file. An attacker could also combine this flaw with other vulnerabilities for further exploitation.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
