PDF-XChange Editor
Moderate fix8 remedies
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*
Moderate fix8 remedies
- >= 10.0.1.371, < 10.1.0.380
- >= 9.5.366.0, < 9.5.367.0
- >= 9.4.362.0, < 9.4.364.0
PDF-XChange Editor Out-Of-Bounds Read Remote Code Execution Vulnerability
Vulnerability
Patched
A remote code execution vulnerability has been identified in PDF-XChange Editor versions 10.5.2.395 and prior, as well as in version 10.0.0.370 and several other releases within the 9.x series. This vulnerability arises from improper validation of user-supplied data when parsing U3D files, leading to an out-of-bounds read that can be exploited to execute arbitrary code in the context of the current process. Exploitation requires user interaction, such as opening a malicious file or visiting a harmful webpage.
Impact
Successful exploitation allows remote attackers to execute arbitrary code on the affected system.
Remediation
Users are advised to update to PDF-XChange Editor version 10.6.0.396 or later. This update addresses the vulnerability by improving the validation of U3D files, preventing the out-of-bounds read that could be exploited for code execution.
Added: Jun 25, 2025, 10:57 PM
Updated: Jun 25, 2025, 10:57 PM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
10.0exploitability
4.4remediation
7.7relevance
0.2threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.