PDF-XChange Editor Out-of-Bounds Read Vulnerability in EMF Processing

Vulnerability

An out-of-bounds read vulnerability has been identified in PDF-XChange Editor version 10.6.0.396. The issue is in the application's EMF (Enhanced Metafile Format) handling, specifically the conversion of EMF files to PDF. A specially crafted EMF file can trigger it, which may lead to the unauthorized disclosure of sensitive information.

Impact

Exploitation of this vulnerability allows for arbitrary memory reading within the PDF-XChange Editor process, potentially disclosing sensitive information.

Reproduction

The vulnerability can be reproduced by opening a specially crafted EMF file in PDF-XChange Editor 10.6.0.396. The crafted file contains an EMR_EXTCREATEFONTINDIRECTW record whose Facename field omits the NULL terminator, which causes the application to read out-of-bounds memory when the file is loaded into the editor.
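
The defect class described above, a fixed-size Facename field scanned as if it always ended in a NULL, is avoided by bounding the scan to the field itself. The C code below is an added example, not code from PDF-XChange Editor or from this advisory; the function names are hypothetical, the offsets assume the standard LOGFONTW layout (Facename as 32 UTF-16 units at record offset 40), and the sample record is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EMR_EXTCREATEFONTINDIRECTW 0x52u /* EMF record type 82 */
#define FACENAME_OFF   40u /* 8 (Type, Size) + 4 (ihFonts) + 28 (fixed LOGFONTW fields) */
#define FACENAME_CHARS 32u /* LF_FACESIZE: Facename is a fixed array of 32 UTF-16 units */
#define MIN_REC_SIZE   (FACENAME_OFF + 2u * FACENAME_CHARS) /* 104 bytes */

static uint32_t rd32(const uint8_t *p) { /* EMF fields are little-endian */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy Facename into out, which this function always NUL-terminates.
 * Returns the name length in UTF-16 units (0..32), or -1 if the buffer is not
 * a font record large enough to hold the whole field. The scan stops at the
 * field boundary, so a missing terminator cannot pull in adjacent memory. */
int read_facename(const uint8_t *rec, size_t avail, uint16_t out[FACENAME_CHARS + 1]) {
    if (rec == NULL || avail < 8 || rd32(rec) != EMR_EXTCREATEFONTINDIRECTW) return -1;
    uint32_t size = rd32(rec + 4);
    if (size > avail || size < MIN_REC_SIZE) return -1; /* declared size must fit the data */
    size_t n = 0;
    for (; n < FACENAME_CHARS; n++) {
        const uint8_t *c = rec + FACENAME_OFF + 2 * n;
        uint16_t ch = (uint16_t)(c[0] | (uint16_t)c[1] << 8);
        if (ch == 0) break;
        out[n] = ch;
    }
    out[n] = 0; /* terminator is supplied by the reader, never assumed from the file */
    return (int)n;
}

/* Constructed sample: a 104-byte record whose Facename holds `len` copies of 'A'. */
void make_sample_record(uint8_t rec[MIN_REC_SIZE], size_t len) {
    memset(rec, 0, MIN_REC_SIZE);
    rec[0] = (uint8_t)EMR_EXTCREATEFONTINDIRECTW; /* Type */
    rec[4] = (uint8_t)MIN_REC_SIZE;               /* Size */
    for (size_t i = 0; i < len && i < FACENAME_CHARS; i++)
        rec[FACENAME_OFF + 2 * i] = 'A';
}

int main(void) {
    uint8_t rec[MIN_REC_SIZE];
    uint16_t name[FACENAME_CHARS + 1];
    make_sample_record(rec, 5);
    printf("terminated name: %d units\n", read_facename(rec, sizeof rec, name));
    make_sample_record(rec, FACENAME_CHARS); /* no NUL inside the field */
    printf("full field:      %d units\n", read_facename(rec, sizeof rec, name));
    return 0;
}
```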

Remediation

Users are advised to update to the patched version released by the vendor. The update can be obtained through the PDF-XChange Editor product page.

Added: Aug 5, 2025, 3:24 PM
Updated: Aug 5, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.