CVE-2018-16303

Published: Sep 1, 2018Modified: Nov 27, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.

Affected (1)

Products: Pdf Xchange: Pdf Xchange Editor

Pdf Xchange

1 product

Pdf Xchange Editor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pdf Xchange Pdf Xchange Editor	Up to 7.0.326.1

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://forum.tracker-software.com/viewtopic.php?f=62&t=31419

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://forum.tracker-software.com/viewtopic.php?f=62&t=31419

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.