PDF-XChange Editor
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*
An out-of-bounds read vulnerability allowing information disclosure has been identified in PDF-XChange Editor. This issue arises from improper validation of user-supplied data when parsing JB2 files, leading to a read past the end of an allocated object. Remote attackers can exploit this vulnerability to disclose sensitive information on affected installations, but user interaction is required, as the target must open a malicious JB2 file. Additionally, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code in the context of the current process.
Successful exploitation could result in unauthorized information disclosure and, if chained with other vulnerabilities, arbitrary code execution.
Users are advised to update to PDF-XChange Editor version 10.4.2.390.