CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37373 – PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-37373
18 Aug 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context ... • https://www.tracker-software.com/product/pdf-xchange-editor/history • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37374 – PDF-XChange Editor PNG File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-37374
18 Aug 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the cur... • https://www.tracker-software.com/product/pdf-xchange-editor/history • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37375 – PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-37375
18 Aug 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context ... • https://www.tracker-software.com/product/pdf-xchange-editor/history • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Arch... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17497
https://notcve.org/view.php?id=CVE-2019-17497
10 Oct 2019 — Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. Tracker PDF-XChange Editor versiones anteriores a 8.0.330.0, presenta una vulnerabilidad de robo de hash NTLM SSO utilizando archivos FDF o XFDF diseñados (un problema relacionado con CVE-2018-4993). Por ejemplo, un hash NTLM es enviado hacia un enlace en \\1... • https://github.com/JM-Lemmi/cve-2019-17497 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16303
https://notcve.org/view.php?id=CVE-2018-16303
01 Sep 2018 — PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. PDF-XChange Editor hasta la versión 7.0.326.1 permite que atacantes remotos provoquen una denegación de servicio (consumo de recursos) mediante una estructura x:xmpmeta manipulada. Esto está relacionado con CVE-2003-1564. • https://forum.tracker-software.com/viewtopic.php?f=62&t=31419 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6462
https://notcve.org/view.php?id=CVE-2018-6462
31 Jan 2018 — Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. Tracker PDF-XChange Viewer y Viewer AX SDK, en versiones anteriores a la 2.5.322.8, gestiona de manera incorrecta la conversión de espacios de color de YCC a RGB calculando en base de 1bpc en lugar de en 8bpc. Esto podría permitir que atacantes remotos ej... • https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 3CVE-2017-13056 – PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
https://notcve.org/view.php?id=CVE-2017-13056
24 Aug 2017 — The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. La función launchURL en PDF-XChange Viewer 2.5 (Build 314.0) podría permitir que atacantes remotos ejecuten código arbitrario mediante un archivo PDF manipulado. PDF-XChange Viewer version 2.5 (Build 314.0) suffers from a javascript API remote code execution vulnerability. • https://packetstorm.news/files/id/143912 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 7%CPEs: 1EXPL: 0CVE-2013-0729
https://notcve.org/view.php?id=CVE-2013-0729
02 Apr 2014 — Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. Desbordamiento de buffer basado en memoria dinámica en Tracker Software PDF-XChange anterior a 2.5.208 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera Define Huffman Table manipulada en un flujo de archivo de imagen JPEG en un archivo PDF. • http://osvdb.org/89442 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 4CVE-2012-5324 – Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC)
https://notcve.org/view.php?id=CVE-2012-5324
08 Oct 2012 — Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function. Múltiples desbordamientos de búfer en Pdf Printer Preferences ActiveX Control en la biblioteca pdfxctrl.dll en PDF-XChange de Tracker Software versión 3.60.0128, permiten a los atacantes remoto... • https://www.exploit-db.com/exploits/18427 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •