CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16303
https://notcve.org/view.php?id=CVE-2018-16303
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. PDF-XChange Editor hasta la versión 7.0.326.1 permite que atacantes remotos provoquen una denegación de servicio (consumo de recursos) mediante una estructura x:xmpmeta manipulada. Esto está relacionado con CVE-2003-1564. • https://forum.tracker-software.com/viewtopic.php?f=62&t=31419 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6462
https://notcve.org/view.php?id=CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. Tracker PDF-XChange Viewer y Viewer AX SDK, en versiones anteriores a la 2.5.322.8, gestiona de manera incorrecta la conversión de espacios de color de YCC a RGB calculando en base de 1bpc en lugar de en 8bpc. Esto podría permitir que atacantes remotos ejecuten código arbitrario mediante un documento PDF manipulado. • https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt https://www.tracker-software.com/company/news_press_events/view/179 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-13056 – PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
https://notcve.org/view.php?id=CVE-2017-13056
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. La función launchURL en PDF-XChange Viewer 2.5 (Build 314.0) podría permitir que atacantes remotos ejecuten código arbitrario mediante un archivo PDF manipulado. PDF-XChange Viewer version 2.5 (Build 314.0) suffers from a javascript API remote code execution vulnerability. • https://www.exploit-db.com/exploits/42537 http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 5%CPEs: 1EXPL: 0CVE-2013-0729
https://notcve.org/view.php?id=CVE-2013-0729
Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. Desbordamiento de buffer basado en memoria dinámica en Tracker Software PDF-XChange anterior a 2.5.208 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera Define Huffman Table manipulada en un flujo de archivo de imagen JPEG en un archivo PDF. • http://osvdb.org/89442 http://secunia.com/advisories/51855 http://www.securityfocus.com/bid/57491 http://www.tracker-software.com/company/news_press_events/view/123 https://exchange.xforce.ibmcloud.com/vulnerabilities/81427 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 1EXPL: 4CVE-2012-5324 – Tracker Software pdfSaver ActiveX 3.60 - 'pdfxctrl.dll' Stack Buffer Overflow (SEH) (PoC)
https://notcve.org/view.php?id=CVE-2012-5324
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function. Múltiples desbordamientos de búfer en Pdf Printer Preferences ActiveX Control en la biblioteca pdfxctrl.dll en PDF-XChange de Tracker Software versión 3.60.0128, permiten a los atacantes remotos ejecutar código arbitrario por medio de una cadena larga en el (1) parámetro sub_path en la función StoreInRegistry o (2) parámetro sub_key en la función InitFromRegistry. • https://www.exploit-db.com/exploits/18427 http://www.exploit-db.com/exploits/18427 http://www.securityfocus.com/bid/51712 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5067.php https://exchange.xforce.ibmcloud.com/vulnerabilities/72774 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •