Primary

Context

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Vulnerability

Patched

An out-of-bounds read vulnerability allowing information disclosure has been identified in PDF-XChange Editor. This issue arises from improper validation of user-supplied data when parsing JB2 files, leading to a read past the end of an allocated object. Remote attackers can exploit this vulnerability to disclose sensitive information on affected installations, but user interaction is required, as the target must open a malicious file or visit a harmful page. Additionally, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code within the current process context.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure and potentially allow for arbitrary code execution in the context of the current process.

Remediation

Users can upgrade to PDF-XChange Editor version 10.4.2.390 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Tracker Software PDF-XChange Editor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating