PDF-XChange Editor NULL Pointer Dereference Vulnerability in importDataObject() Function Leading to Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in PDF-XChange Editor version 10.7.3.401. This vulnerability occurs in the importDataObject() function, where crafted input can lead to an access violation, causing the application to terminate unexpectedly and create a Denial-of-Service condition. The issue arises when the second argument of the importDataObject() method contains a URI scheme or a path with a single backslash, triggering the internal scheme-validation logic and resulting in a null pointer dereference.

Impact

Exploitation of this vulnerability causes an access violation, leading to a crash of the PDF-XChange Editor application.

Reproduction

To reproduce this vulnerability, invoke the importDataObject() method with a second argument that includes either a URI scheme (such as 'about:' or 'javascript:') or a file path containing a single backslash. The application will terminate immediately, causing a Denial-of-Service condition.

Remediation

Users are advised to update to the latest version of PDF-XChange Editor, as the vendor has released a patch for this vulnerability.
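For triaging PDFs on hosts that have not yet been updated, the trigger condition described under Reproduction can be checked statically. The Python sketch below is an added example, not code from the advisory or the vendor. It assumes the document JavaScript has already been extracted to text and that the second argument is a plain string literal, and it treats any backslash in the decoded argument as matching the "single backslash" wording. All function names and the sample script are constructed for illustration.

```python
import re

# A single- or double-quoted JavaScript string literal, escapes included.
STRING = r"""(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')"""
# importDataObject(<first argument>, <string literal second argument> ...
CALL_RE = re.compile(
    r"importDataObject\s*\(\s*(?:" + STRING + r"|[^,()\"']+)\s*,\s*(" + STRING + r")"
)
# Two or more characters before ':' so that drive letters (C:) are not schemes.
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]+:")


def decode_js_literal(literal):
    """Strip the quotes; an escaped character becomes the character itself (simplified)."""
    return re.sub(r"\\(.)", lambda m: m.group(1), literal[1:-1], flags=re.DOTALL)


def classify(value):
    """Return the advisory's trigger conditions that the decoded argument meets."""
    reasons = []
    if SCHEME_RE.match(value):
        reasons.append("uri-scheme")
    if "\\" in value:
        reasons.append("backslash")
    return reasons


def scan_javascript(source):
    """Return (line_number, decoded_second_argument, reasons) for each flagged call."""
    findings = []
    for m in CALL_RE.finditer(source):
        value = decode_js_literal(m.group(1))
        reasons = classify(value)
        if reasons:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, value, reasons))
    return findings


# Constructed sample of JavaScript extracted from a PDF (not taken from a real file).
SAMPLE_JS = r'''
this.importDataObject("att1", "/c/reports/q3.xlsx");
this.importDataObject("att2", "about:blank");
this.importDataObject('att3', 'docs\\notes.txt');
'''

if __name__ == "__main__":
    for line, value, reasons in scan_javascript(SAMPLE_JS):
        print(f"line {line}: second argument {value!r} -> {', '.join(reasons)}")
```

Arguments built at runtime (concatenation, variables, hex or unicode escapes) are not resolved by this check, so a clean result does not replace updating the application.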

Added: Dec 9, 2025, 10:29 PM
Updated: Dec 9, 2025, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 1.4
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.