PDF-XChange Editor
Moderate fix18 remedies
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:*:*:*:*:*:*:*
Moderate fix18 remedies
- >= 10.0.1.371, <= 10.0.1.371
- >= 9.5.368.0, <= 9.5.368.0
- >= 9.5.367.0, <= 9.5.367.0
- >= 9.4.364.0, <= 9.4.364.0
PDF-XChange Editor Use-After-Free Vulnerability in U3D File Parsing Allows Remote Code Execution
Vulnerability
Patched
A use-after-free vulnerability has been identified in PDF-XChange Editor, specifically in the handling of U3D files. This flaw allows remote attackers to execute arbitrary code on the affected system. The vulnerability arises because the application fails to properly validate the existence of an object before performing operations on it, particularly when processing certain U3D files and streams within PDF documents. Exploitation of this vulnerability requires user interaction, as the target must open a malicious file or visit a harmful webpage.
Impact
Exploitation of this vulnerability could lead to arbitrary code execution on the affected system, allowing an attacker to execute malicious payloads in the context of the current user process.
Remediation
Users are advised to update to PDF-XChange Editor version 10.6.0.396 or later, where this vulnerability has been addressed. Instructions for updating can be found on the PDF-XChange website.
Added: Jun 25, 2025, 10:38 PM
Updated: Jun 25, 2025, 10:38 PM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
10.0exploitability
4.4remediation
7.7relevance
0.2threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.