PDF-XChange Editor Out-of-Bounds Read Vulnerability in XPS File Parsing Allowing Information Disclosure

Vulnerability

An out-of-bounds read vulnerability has been identified in PDF-XChange Editor, specifically within the XPS file parsing component. This flaw arises from inadequate validation of user-supplied data, enabling a read past the end of an allocated object. As a result, remote attackers could exploit this vulnerability to disclose sensitive information on affected installations. User interaction is necessary for exploitation, as the target must open a malicious XPS file or visit a harmful webpage. Furthermore, this vulnerability could be leveraged alongside others to execute arbitrary code within the current process context.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure. Additionally, according to the Zero Day Initiative, it could be combined with other vulnerabilities to execute arbitrary code in the context of the current process.

Remediation

Users are advised to update to PDF-XChange Editor version 10.4.2.390, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.