PDF-XChange Editor Use-After-Free Vulnerability in U3D File Parsing Allowing Information Disclosure

Vulnerability

A use-after-free vulnerability has been identified in PDF-XChange Editor, affecting versions through 10.5.2.395. It arises from improper validation of objects during the parsing of U3D files and allows remote attackers to access sensitive information. Exploitation requires user interaction: the target must open a malicious U3D file or visit a malicious webpage. The flaw could potentially be combined with other vulnerabilities to execute arbitrary code within the current process context.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure and potentially allow for arbitrary code execution in the context of the affected process.

Remediation

Users are advised to update to PDF-XChange Editor version 10.6.0.396, which addresses this vulnerability. This update can be downloaded from the PDF-XChange website or through the PDF-XChange Updater.
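For hosts that cannot be updated immediately, the following added example (not part of the original advisory or vendor code) flags installed versions in the affected range and files carrying U3D content so they can be held for review. The function names and sample bytes are constructed for illustration; the /Subtype /U3D marker and the U3D header bytes are assumptions taken from the PDF and ECMA-363 specifications, not from this advisory.

```python
import re

# Last affected build, as stated in the advisory (fixed in 10.6.0.396).
LAST_AFFECTED = (10, 5, 2, 395)

# Assumption (ECMA-363): a raw U3D file starts with the File Header
# block type 0x00443355, stored little-endian as the bytes "U3D\0".
U3D_MAGIC = b"U3D\x00"


def parse_version(text):
    """'10.5.2.395' -> (10, 5, 2, 395)"""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version_text):
    """True if the installed build is at or below the last affected one."""
    return parse_version(version_text) <= LAST_AFFECTED


def decode_pdf_names(data):
    """Undo #xx escapes in PDF names so /U#33D is seen as /U3D."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def u3d_indicators(data):
    """Triage heuristic (not a PDF parser): reasons to hold a file."""
    reasons = []
    if data.startswith(U3D_MAGIC):
        reasons.append("raw U3D file")
    if b"%PDF-" in data[:1024]:
        # Stream dictionaries stay readable even when stream data is
        # compressed, so the 3D stream's subtype name is searchable.
        if re.search(rb"/Subtype\s*/U3D\b", decode_pdf_names(data)):
            reasons.append("PDF 3D stream with /Subtype /U3D")
        elif U3D_MAGIC in data:
            reasons.append("uncompressed U3D header inside PDF")
    return reasons


# Constructed sample: a PDF fragment with an escaped /U3D subtype name.
SAMPLE_PDF = (b"%PDF-1.7\n5 0 obj\n<< /Type /3D /Subtype /U#33D "
              b"/Length 4 >>\nstream\n....\nendstream\nendobj\n")

if __name__ == "__main__":
    print(is_affected("10.5.2.395"), u3d_indicators(SAMPLE_PDF))
```

A match means the file contains 3D content that the affected parser would process, not that the file is malicious.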

Added: Jun 25, 2025, 11:10 PM
Updated: Jun 25, 2025, 11:10 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.