Out-Of-Bounds Read Vulnerability in PDF-XChange Editor
CVE-2024-8833
7.8 HIGH
Summary
A vulnerability exists in PDF-XChange Editor due to improper validation of user-supplied data during the parsing of XPS files. Remote attackers can trigger the flaw through a malicious file or a harmful link, leading to an out-of-bounds read condition. An attacker can exploit this vulnerability to execute arbitrary code within the context of the currently running process on affected installations. Exploitation requires the user to interact with the malicious content, so the exposure is greatest in environments where users are likely to open unpredictable files.
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published