PDF-XChange Editor Out-of-Bounds Read Vulnerability in EMF Processing

Vulnerability

An out-of-bounds read vulnerability has been identified in PDF-XChange Editor version 10.7.3.401. The issue arises in the application's handling of Enhanced Metafile (EMF) files during conversion, where a specially crafted EMF file can cause the application to read memory it should not. Exploitation could result in the disclosure of sensitive information.

Impact

Exploitation of this vulnerability allows arbitrary memory within the PDF-XChange Editor process to be read, potentially leading to the unauthorized disclosure of sensitive information.

Reproduction

The vulnerability can be reproduced by opening a specially crafted EMF file in PDF-XChange Editor 10.7.3.401. The file must contain an EMR_SMALLTEXTOUT record whose record size and options are manipulated so that the application reads beyond the allocated buffer. This can be done by setting the 'fuOptions' field to omit the 'Bounds' data while reducing the 'recordSize' to create a mismatch, which triggers the out-of-bounds read when the 'Bounds' field is expected to be fully populated.
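The size/options mismatch described above is what a parser or file-triage tool has to reject before touching 'Bounds' or the text. The following is an added example, not code from PDF-XChange Editor or from this advisory; it assumes the publicly documented EMR_SMALLTEXTOUT layout (nine 32-bit fixed fields, optional 16-byte Bounds, then the text), and the function names, return codes and sample bytes are this example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from the documented EMF record format; FIXED_LEN/BOUNDS_LEN names are this example's. */
#define EMR_SMALLTEXTOUT 0x6Cu
#define ETO_NO_RECT      0x100u /* fuOptions: Bounds is absent */
#define ETO_SMALL_CHARS  0x200u /* fuOptions: 8-bit text, otherwise 16-bit */
#define FIXED_LEN        36u    /* Type through eyScale: nine 32-bit fields */
#define BOUNDS_LEN       16u    /* optional RectL */

enum { REC_OK = 0, REC_WRONG_TYPE = -1, REC_TRUNCATED = -2, REC_BAD_SIZE = -3, REC_OVERRUN = -4 };

static uint32_t rd32(const uint8_t *p) /* little-endian load, no alignment assumptions */
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bytes the record must contain, derived only from cChars and fuOptions (64-bit: no wrap). */
uint64_t smalltextout_needed(uint32_t cchars, uint32_t opts)
{
    uint64_t need = FIXED_LEN;
    if (!(opts & ETO_NO_RECT)) need += BOUNDS_LEN;
    return need + (uint64_t)cchars * ((opts & ETO_SMALL_CHARS) ? 1u : 2u);
}

/* buf/avail: the bytes left in the file, starting at this record's Type field. */
int check_smalltextout(const uint8_t *buf, size_t avail)
{
    if (avail < 8) return REC_TRUNCATED;
    if (rd32(buf) != EMR_SMALLTEXTOUT) return REC_WRONG_TYPE;
    uint32_t size = rd32(buf + 4);
    if (size < FIXED_LEN) return REC_BAD_SIZE;  /* cannot even hold the fixed fields */
    if (size > avail) return REC_TRUNCATED;     /* record claims more than the file has */
    /* Every field implied by fuOptions and cChars must lie inside the declared size. */
    return smalltextout_needed(rd32(buf + 16), rd32(buf + 20)) <= size ? REC_OK : REC_OVERRUN;
}

/* Constructed sample records (not taken from any real file). */
static const uint8_t SAMPLE_OK[40] = {    /* no Bounds, four 8-bit chars, size 40 */
    0x6C,0,0,0, 40,0,0,0, 0,0,0,0, 0,0,0,0, 4,0,0,0, 0x00,0x03,0,0,
    1,0,0,0, 0,0,0x80,0x3F, 0,0,0x80,0x3F, 't','e','s','t' };
static const uint8_t SAMPLE_SHORT[36] = { /* fuOptions implies Bounds, but size stops at 36 */
    0x6C,0,0,0, 36,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0x00,0x00,0,0,
    1,0,0,0, 0,0,0x80,0x3F, 0,0,0x80,0x3F };

int main(void)
{
    return (check_smalltextout(SAMPLE_OK, sizeof SAMPLE_OK) == REC_OK &&
            check_smalltextout(SAMPLE_SHORT, sizeof SAMPLE_SHORT) == REC_OVERRUN) ? 0 : 1;
}
```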

Remediation

Users are advised to update to the latest version of PDF-XChange Editor, as the vulnerability has been patched in the most recent release.

Added: Dec 2, 2025, 4:22 PM
Updated: Dec 2, 2025, 5:28 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.