Multiple vulnerabilities in PDF-XChange Editor
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 65 |
| CVE-ID | CVE-2022-41150 CVE-2022-41149 CVE-2022-41151 CVE-2022-42370 CVE-2022-42371 CVE-2022-42373 CVE-2022-42378 CVE-2022-42380 CVE-2022-42381 CVE-2022-42382 CVE-2022-42394 CVE-2022-41143 CVE-2022-42393 CVE-2022-41145 CVE-2022-41146 CVE-2022-41153 CVE-2022-41147 CVE-2022-42369 CVE-2022-42372 CVE-2022-42375 CVE-2022-42376 CVE-2022-42383 CVE-2022-42384 CVE-2022-42385 CVE-2022-42386 CVE-2022-42387 CVE-2022-42388 CVE-2022-42389 CVE-2022-42390 CVE-2022-42391 CVE-2022-42392 CVE-2022-41148 CVE-2022-41144 CVE-2022-42404 CVE-2022-42399 CVE-2022-42397 CVE-2022-42411 CVE-2022-41152 CVE-2022-42398 CVE-2022-42409 CVE-2022-42412 CVE-2022-42413 CVE-2022-42401 CVE-2022-42406 CVE-2022-42407 CVE-2022-42414 CVE-2022-42374 CVE-2022-42408 CVE-2022-42377 CVE-2022-42402 CVE-2022-42379 CVE-2022-42418 CVE-2022-42395 CVE-2022-42400 CVE-2022-42410 CVE-2022-42415 CVE-2022-42416 CVE-2022-42396 CVE-2022-42420 CVE-2022-42417 CVE-2022-42419 CVE-2022-42421 CVE-2022-42423 CVE-2022-42403 CVE-2022-42405 |
| CWE-ID | CWE-125 CWE-787 CWE-416 CWE-119 CWE-822 CWE-122 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
PDF-XChange Editor Client/Desktop applications / Office applications |
| Vendor | PDF-XChange |
Security Bulletin
This security bulletin contains information about 65 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU68013
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41150
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1347/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU68027
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-41149
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1346/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU68026
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-41151
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1348/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds write
EUVDB-ID: #VU68025
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42370
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1352/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU68024
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42371
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1353/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds write
EUVDB-ID: #VU68023
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42373
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1360/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU68022
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42378
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1368/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU68021
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42380
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1371/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds write
EUVDB-ID: #VU68020
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42381
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1372/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds write
EUVDB-ID: #VU68019
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42382
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1373/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds write
EUVDB-ID: #VU68018
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42394
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1392/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds write
EUVDB-ID: #VU68017
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-41143
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1329/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU68016
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42393
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1384/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU68015
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41145
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1335/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU68014
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41146
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1336/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU68012
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41153
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1350/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds write
EUVDB-ID: #VU68029
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-41147
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1337/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU68011
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42369
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1351/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU68010
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42372
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1354/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU68009
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42375
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1362/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU68008
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42376
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1363/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU68007
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42383
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1374/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU68006
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42384
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1375/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU68005
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42385
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1376/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU68004
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42386
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1377/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU68003
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42387
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1378/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU68002
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42388
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1379/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU68001
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42389
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1380/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU68000
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42390
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1381/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU67999
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42391
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1382/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU67998
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42392
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1383/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds write
EUVDB-ID: #VU68028
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-41148
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1345/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds write
EUVDB-ID: #VU68030
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-41144
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1334/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU68063
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42404
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling EMF files. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1330/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU68048
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42399
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds read and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1343/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU68062
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42397
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling XPS files. A remote attacker can create a specially crafted XPS file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1333/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU68061
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42411
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling JPC files. A remote attacker can create a specially crafted JPC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1338/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU68060
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-41152
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1349/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU68059
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42398
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1339/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU68058
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42409
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1340/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU68057
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42412
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1341/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU68056
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42413
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling JP2 files. A remote attacker can create a specially crafted JP2 file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1358/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU68055
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42401
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1364/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU68054
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42406
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling EMF files. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1359/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Out-of-bounds read
EUVDB-ID: #VU68053
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42407
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling EMF files. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1365/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU68052
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42414
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1342/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU68051
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42374
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing U3D files. A remote attacker can trick the victim to open a specially crafted U3D file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1361/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU68050
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42408
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing EMF files. A remote attacker can trick the victim to open a specially crafted EMF file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1366/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Buffer overflow
EUVDB-ID: #VU68049
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42377
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1367/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Out-of-bounds read
EUVDB-ID: #VU68047
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42402
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds read and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1369/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU68046
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42379
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing U3D files. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger out-of-bounds read and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1370/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Untrusted pointer dereference
EUVDB-ID: #VU68044
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42418
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger an untrusted pointer dereference and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1387/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds write
EUVDB-ID: #VU68040
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42395
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing XPS files. A remote attacker can create a specially crafted XPS file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1331/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds write
EUVDB-ID: #VU68039
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42400
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1344/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds write
EUVDB-ID: #VU68038
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42410
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PGM files. A remote attacker can create a specially crafted PGM file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1355/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Out-of-bounds write
EUVDB-ID: #VU68037
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42415
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing JP2 files. A remote attacker can create a specially crafted JP2 file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1356/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds write
EUVDB-ID: #VU68036
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42416
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1385/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Untrusted pointer dereference
EUVDB-ID: #VU68045
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42396
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing XPS files. A remote attacker can create a specially crafted XPS file, trick the victim into opening it using the affected software, trigger an untrusted pointer dereference and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1332/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Out-of-bounds write
EUVDB-ID: #VU68034
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42420
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1388/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds write
EUVDB-ID: #VU68035
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42417
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1386/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Out-of-bounds write
EUVDB-ID: #VU68033
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42419
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1389/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Out-of-bounds write
EUVDB-ID: #VU68031
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42421
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1393/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Out-of-bounds write
EUVDB-ID: #VU68032
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42423
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF files. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1390/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Heap-based buffer overflow
EUVDB-ID: #VU68042
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42403
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can trick the victim to open a specially crafted PDF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1391/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Heap-based buffer overflow
EUVDB-ID: #VU68043
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42405
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing EMF files. A remote attacker can trick the victim to open a specially crafted EMF file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: 9.0.350.0 - 9.4.363.0
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.350.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.351.0:*:*:*:*:*:*:*
- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:9.0.352.0:*:*:*:*:*:*:*
https://www.tracker-software.com/product/pdf-xchange-editor/history
https://www.zerodayinitiative.com/advisories/ZDI-22-1357/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
