CVE Details
Basic Information
| Title | PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
|---|---|
| Type | cve |
| Published | 2025-06-25T21:40:33.774Z |
| Last Seen |
Product Information
| Vendor | PDF-XChange |
|---|---|
| Product | PDF-XChange Editor |
| Version | 10.5.2.395 |
CVSS Information
| Base Score | 0.0 () |
|---|---|
| Attack Vector | |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A remote code execution vulnerability in PDF-XChange Editor allows attackers to execute arbitrary code via malicious PRC files, requiring user interaction. The issue stems from improper data validation leading to a buffer overflow. |
|---|---|
| AI Severity | High |
| Vendor | PDF-XChange |
| Product | PDF-XChange Editor |
| Affected Version | 10.5.2.395 |
Affected Products
- PDF-XChange PDF-XChange Editor 10.5.2.395
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-787 |
| Bulletin Family |
References
Description
PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26734.