Multiple vulnerabilities in PDF-XChange Editor, PDF-Tools and PDF-XChange PRO
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 30 |
| CVE-ID | CVE-2024-8812 CVE-2024-8841 CVE-2024-8840 CVE-2024-8839 CVE-2024-8838 CVE-2024-8837 CVE-2024-8836 CVE-2024-8835 CVE-2024-8834 CVE-2024-8833 CVE-2024-8832 CVE-2024-8831 CVE-2024-8830 CVE-2024-8829 CVE-2024-8828 CVE-2024-8827 CVE-2024-8826 CVE-2024-8825 CVE-2024-8824 CVE-2024-8823 CVE-2024-8822 CVE-2024-8821 CVE-2024-8820 CVE-2024-8819 CVE-2024-8818 CVE-2024-8817 CVE-2024-8816 CVE-2024-8815 CVE-2024-8814 CVE-2024-8813 |
| CWE-ID | CWE-125 CWE-787 CWE-416 CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
PDF-XChange Editor Client/Desktop applications / Office applications PDF-Tools Client/Desktop applications / Office applications PDF-XChange PRO Client/Desktop applications / Office applications |
| Vendor | PDF-XChange |
Security Bulletin
This security bulletin contains information about 30 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU97465
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8812
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1235/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU97600
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8841
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1264/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU97599
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8840
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1263/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU97598
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8839
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1262/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU97597
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8838
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted XPS file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1261/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU97596
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8837
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted XPS file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1260/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU97595
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8836
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted TIF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1259/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU97592
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8835
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1258/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU97591
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8834
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted TIF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1257/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU97590
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8833
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted XPS file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1256/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU97589
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8832
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1255/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU97588
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8831
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted XPS file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1254/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU97587
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8830
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted XPS file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1253/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU97586
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8829
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1252/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU97585
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8828
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted EMF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1251/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds write
EUVDB-ID: #VU97584
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8827
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted PPM file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1250/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU97581
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8826
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted XPS file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1249/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU97577
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8825
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1248/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU97575
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8824
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1247/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU97483
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8823
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted JB2 file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1246/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU97481
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8822
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1245/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU97479
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8821
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted U3D file and gain access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1244/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU97477
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8820
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1243/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU97475
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted U3D file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1242/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU97473
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8818
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted U3D file and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1241/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds write
EUVDB-ID: #VU97471
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8817
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1240/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU97470
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8816
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick a victim to open a specially crafted U3D file and gain access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1239/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU97469
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8815
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted U3D files, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1238/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU97467
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8814
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted U3D files, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system, leading to arbitrary code execution.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1237/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds write
EUVDB-ID: #VU97466
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-8813
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can create a specially crafted U3D file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDF-XChange Editor: before 10.3.1.387
PDF-Tools: before 10.3.1.387
PDF-XChange PRO: before 10.3.1.387
CPE2.3- cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-tools:*:*:*:*:*:*:*:
- cpe:2.3:a:pdf-xchange:pdf-xchange_pro:*:*:*:*:*:*:*:
http://www.zerodayinitiative.com/advisories/ZDI-24-1236/
http://www.pdf-xchange.com/index.php/support/security-bulletins.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
