Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-42423: Tracker Software Products :: PDF-XChange Editor Version History

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18716.

CVE
#vulnerability#pdf
  • Products

    • End-User Products
    • PDF-XChange Editor
    • PDF-XChange Editor Plus
    • PDF-XChange Lite Printer Free
    • PDF-XChange Standard Printer
    • PDF-Tools
    • PDF-XChange PRO
    • Software Developer Tools
    • PDF-XChange Editor SDK
    • PDF-XChange Editor Simple SDK
    • PDF-XChange Core API SDK
    • PDF-XChange Viewer ActiveX SDK
    • PDF-XChange Drivers API
    • PDF-XChange PRO SDK
  • Downloads

  • Support

    • Technical Support
    • Online Help Site
    • End-User Forums
    • Developer Forums
    • Knowledge Base/FAQs
    • Support Approach
  • Company

    • Company Info
    • Contact Us
    • About Us
    • Payment Options Explained
    • News, Press & Events
    • Charity & Academic Offers
    • Employment Opportunities
    • Resellers
    • Testimonials
    • Our Clients
  • View cart

Need more information? Get in touch.

You can contact us by phone, email or our social media accounts — we are here to assist you.

Related news

CVE-2022-38108: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE-2022-36957: Published | Zero Day Initiative

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907