Remote Code Execution Vulnerability in PDF-XChange Editor
CVE-2024-8838

7.8HIGH

Key Information:

Vendor
PDF-xchange
Status
PDF-xchange Editor
PDF-tools
Vendor
CVE Published:
22 November 2024

Summary

The vulnerability within PDF-XChange Editor involves a critical flaw in the parsing of XPS files. This flaw arises due to inadequate validation of user-supplied data, leading to an out-of-bounds read condition. By exploiting this vulnerability, remote attackers can execute arbitrary code on vulnerable installations once the user opens a malicious file or visits a related webpage, triggering the flaw.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1261/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-8838 : Remote Code Execution Vulnerability in PDF-XChange Editor | SecurityVulnerability.io