PDF-XChange Editor
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*
An out-of-bounds read vulnerability allowing information disclosure has been identified in PDF-XChange Editor. This issue arises from improper validation of user-supplied data when parsing U3D files, leading to a read past the end of an allocated buffer. Remote attackers can exploit this vulnerability to disclose sensitive information on affected installations. User interaction is required, as the target must open a malicious U3D file or visit a harmful webpage. Additionally, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code within the current process context.
Exploitation of this vulnerability could lead to unauthorized information disclosure, with the potential for arbitrary code execution in the context of the affected process.
Users can upgrade to PDF-XChange Editor version 10.4.2.390 to address this vulnerability.