PDF-XChange Editor Out-of-Bounds Read Vulnerability in EMF Processing

Vulnerability

An out-of-bounds read vulnerability has been identified in PDF-XChange Editor version 10.5.2.395. The issue is in the application's EMF (Enhanced Metafile Format) handling, specifically in the conversion of EMF files to PDF. An attacker could exploit it with a crafted EMF file that, when processed by the editor, leads to unauthorized memory access and potentially discloses sensitive information.

Impact

Exploitation allows arbitrary memory reads within the PDF-XChange Editor process, which could result in the unauthorized disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by opening a specially crafted EMF file in PDF-XChange Editor version 10.5.2.395. The file must target the EMR_POLYDRAW16 record type, with the abTypes field manipulated to include the PT_BEZIERTO point type. An EMF file that meets these criteria triggers the issue when it is loaded into PDF-XChange Editor.
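A pre-screening check for the record described above, as an added example that is not part of the advisory or the vendor's code. The advisory does not state the root cause, so this only enforces structural rules of the EMF format (the Count field must fit inside the record, and PT_BEZIERTO entries in abTypes come in groups of three); the function names and the test records are constructed for illustration.

```python
import struct

EMR_EOF, EMR_POLYDRAW16 = 0x0E, 0x5C          # record types (MS-EMF)
PT_CLOSEFIGURE, PT_LINETO, PT_BEZIERTO, PT_MOVETO = 0x01, 0x02, 0x04, 0x06
FIXED = 28                                     # Type + Size + Bounds(16) + Count

def check_polydraw16(rec):
    """Return structural problems found in one EMR_POLYDRAW16 record."""
    if len(rec) < FIXED:
        return ["record shorter than its fixed fields"]
    (count,) = struct.unpack_from("<I", rec, 24)
    need = FIXED + count * 4 + count           # aPoints (4 bytes each) + abTypes
    if need > len(rec):
        return [f"Count={count} needs {need} bytes, record has {len(rec)}"]
    types, i = rec[FIXED + count * 4:need], 0
    while i < count:
        kind = types[i] & ~PT_CLOSEFIGURE
        if kind == PT_BEZIERTO:                # curves need 3 consecutive entries
            run = types[i:i + 3]
            if len(run) < 3 or any((t & ~PT_CLOSEFIGURE) != PT_BEZIERTO for t in run):
                return [f"PT_BEZIERTO at index {i} is not a full group of three"]
            i += 3
        elif kind in (PT_LINETO, PT_MOVETO):
            i += 1
        else:
            return [f"unknown point type 0x{types[i]:02x} at index {i}"]
    return []

def scan_emf(data):
    """Walk the record stream; return (offset, problem) for each finding."""
    findings, off = [], 0
    while off + 8 <= len(data):
        rtype, size = struct.unpack_from("<II", data, off)
        if size < 8 or size % 4 or off + size > len(data):
            return findings + [(off, f"bad record size {size}")]
        if rtype == EMR_POLYDRAW16:
            findings += [(off, p) for p in check_polydraw16(data[off:off + size])]
        if rtype == EMR_EOF:
            break
        off += size
    return findings

def polydraw16(types):
    """Constructed test record (not a complete EMF file): zeroed bounds/points."""
    body = bytes(16) + struct.pack("<I", len(types)) + bytes(4 * len(types)) + bytes(types)
    body += bytes(-len(body) % 4)              # pad to the 4-byte record alignment
    return struct.pack("<II", EMR_POLYDRAW16, 8 + len(body)) + body

GOOD = polydraw16([PT_MOVETO, PT_BEZIERTO, PT_BEZIERTO, PT_BEZIERTO | PT_CLOSEFIGURE])
BAD = polydraw16([PT_MOVETO, PT_LINETO, PT_BEZIERTO])   # curve group cut short
```

A check like this can run in a mail or upload gateway to quarantine EMF files before they reach an unpatched editor; it does not replace the vendor update.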

Remediation

Users are advised to update to the latest version of PDF-XChange Editor, as the vendor has released a patch for this vulnerability.

Added: Aug 5, 2025, 3:41 PM
Updated: Aug 5, 2025, 3:41 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.4
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.