PDF-XChange Editor
Moderate fix1 remedy
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*
Moderate fix1 remedy
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Vulnerability
Patched
An out-of-bounds read vulnerability allowing information disclosure has been identified in PDF-XChange Editor. This issue arises from improper validation of user-supplied data when parsing U3D files, leading to the potential for reading past the end of an allocated object. Remote attackers can exploit this vulnerability to disclose sensitive information on affected systems. User interaction is required, as the target must open a malicious U3D file or visit a compromised page. Additionally, this vulnerability could be leveraged alongside others to execute arbitrary code within the current process context.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure. Furthermore, according to the Zero Day Initiative, this vulnerability could be combined with others to execute arbitrary code in the context of the current process.
Remediation
Users are advised to update to PDF-XChange Editor version 10.5.0.393. For more information, consult the PDF-XChange security bulletins.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
2.5exploitability
4.4remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.