CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37373 – PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-37373
18 Aug 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context ... • https://www.tracker-software.com/product/pdf-xchange-editor/history • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37374 – PDF-XChange Editor PNG File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-37374
18 Aug 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the cur... • https://www.tracker-software.com/product/pdf-xchange-editor/history • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37375 – PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-37375
18 Aug 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context ... • https://www.tracker-software.com/product/pdf-xchange-editor/history • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 42EXPL: 0CVE-2018-18689
https://notcve.org/view.php?id=CVE-2018-18689
07 Jan 2021 — The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Arch... • https://pdf-insecurity.org/signature/evaluation_2018.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17497
https://notcve.org/view.php?id=CVE-2019-17497
10 Oct 2019 — Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. Tracker PDF-XChange Editor versiones anteriores a 8.0.330.0, presenta una vulnerabilidad de robo de hash NTLM SSO utilizando archivos FDF o XFDF diseñados (un problema relacionado con CVE-2018-4993). Por ejemplo, un hash NTLM es enviado hacia un enlace en \\1... • https://github.com/JM-Lemmi/cve-2019-17497 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16303
https://notcve.org/view.php?id=CVE-2018-16303
01 Sep 2018 — PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. PDF-XChange Editor hasta la versión 7.0.326.1 permite que atacantes remotos provoquen una denegación de servicio (consumo de recursos) mediante una estructura x:xmpmeta manipulada. Esto está relacionado con CVE-2003-1564. • https://forum.tracker-software.com/viewtopic.php?f=62&t=31419 • CWE-611: Improper Restriction of XML External Entity Reference •