Information Disclosure Vulnerability in PDF-XChange Editor
CVE-2024-8841

5.5MEDIUM

Key Information:

Vendor
PDF-xchange
Status
PDF-xchange Editor
PDF-tools
Vendor
CVE Published:
22 November 2024

Summary

A vulnerability exists in PDF-XChange Editor due to inadequate validation of user-supplied data during the parsing process of PDF files. This weakness allows remote attackers to potentially disclose sensitive information by compelling users to interact with malicious files or links. In this scenario, an attacker could exploit this flaw in conjunction with additional vulnerabilities to execute arbitrary code within the process's current context, heightening the severity of the situation. Ensuring timely updates and implementing security measures can significantly mitigate the risks associated with this vulnerability.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1264/

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-8841 : Information Disclosure Vulnerability in PDF-XChange Editor | SecurityVulnerability.io