A heap-based buffer overflow vulnerability allowing remote code execution has been identified in PDF-XChange Editor versions 10.5.2.395, 10.5.1.394, 10.5.0.393, 10.4.4.392, 10.4.2.390, 10.4.1.389, 10.3.1.387, 10.1.3.383, 10.1.2.382, 10.0.0.370, and 9.5.368.0. This vulnerability arises from improper validation of user-supplied data length when parsing GIF files, leading to arbitrary code execution in the context of the current process. Exploitation requires user interaction, such as opening a malicious file or visiting a harmful webpage.
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Users can update to PDF-XChange Editor version 10.6.0.396 or later to address this vulnerability. Instructions for updating can be found on the PDF-XChange website.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
