Information Disclosure Vulnerability in PDF-XChange Editor JB2 File Parsing
CVE-2024-8835
5.5 MEDIUM
Summary
An information disclosure vulnerability exists in PDF-XChange Editor's parsing of JB2 files. The flaw stems from inadequate validation of user-supplied data, which can lead to a read beyond the bounds of an allocated object. To exploit this vulnerability, an attacker must entice a user to either visit a malicious site or open a specially crafted file. If successfully exploited, this vulnerability may allow the disclosure of sensitive information on systems running affected versions of PDF-XChange Editor. The flaw could potentially be chained with other vulnerabilities, enabling attackers to execute arbitrary code in the context of the affected application process.
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published