Soda PDF Desktop
Easy fix1 remedy
cpe:2.3:a:sodapdf:soda_pdf_desktop:*:*:*:*:*:*:*
Easy fix1 remedy
Soda PDF Desktop Out-of-Bounds Read Vulnerability Allowing Information Disclosure
Vulnerability
An out-of-bounds read vulnerability has been identified in Soda PDF Desktop, specifically within the PDF file parsing component. This issue arises from inadequate validation of user-supplied data, allowing for reading beyond the end of an allocated object. As a result, remote attackers could exploit this vulnerability to disclose sensitive information on affected installations. User interaction is required, as the target must open a malicious PDF file. Additionally, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code within the current process context.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure. Furthermore, according to the Zero Day Initiative, this vulnerability could be combined with others to execute arbitrary code in the context of the current process.
Remediation
Given the nature of the vulnerability, the recommended mitigation strategy is to limit interactions with the product.
Added: Dec 23, 2025, 10:39 PM
Updated: Dec 23, 2025, 10:39 PM
Vulnerability Rating
Custom Algorithm
spread
2.4impact
0.6exploitability
4.4remediation
7.9relevance
1.6threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.