CVE Details
Basic Information
| Title | PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
|---|---|
| Type | cve |
| Published | 2025-06-25T21:42:40.973Z |
| Last Seen | |
Product Information
| Vendor | PDF-XChange |
|---|---|
| Product | PDF-XChange Editor |
| Version | 10.5.2.395 |
CVSS Information
| Base Score | 0.0 () |
|---|---|
| Attack Vector | |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | This vulnerability allows remote attackers to execute arbitrary code on PDF-XChange Editor by exploiting an out-of-bounds write issue in JP2 file parsing. User interaction is required, such as opening a malicious file. The flaw stems from improper validation of user-supplied data. |
|---|---|
| AI Severity | Critical |
| Vendor | PDF-XChange |
| Product | PDF-XChange Editor |
| Affected Version | 10.5.2.395 |
Affected Products
- PDF-XChange PDF-XChange Editor 10.5.2.395
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-787 |
| Bulletin Family | |
References
Description
PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26713.