PDF-XChange Editor
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*
An out-of-bounds read vulnerability has been identified in PDF-XChange Editor, specifically within the XPS file parsing component. This flaw arises from inadequate validation of user-supplied data, leading to the potential for reading past the end of an allocated object. As a result, remote attackers could exploit this vulnerability to disclose sensitive information on affected installations. User interaction is required, as the target must open a malicious XPS file. Additionally, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code within the context of the current process.
Exploitation of this vulnerability could lead to unauthorized information disclosure and potentially allow for arbitrary code execution, according to the Zero Day Initiative.
This vulnerability has been fixed in PDF-XChange Editor version 10.5.0.393.