CVE-2018-6462

Published: Jan 31, 2018Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

Affected (2)

Products: Tracker Software: Pdf Xchange Viewer, Viewer Ax Sdk

Tracker Software

2 products

Pdf Xchange Viewer

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tracker Software Pdf Xchange Viewer	Before 2.5.322.8
Tracker Software Viewer Ax Sdk	Before 2.5.322.8

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt

Source: cve@mitre.org

https://www.tracker-software.com/company/news_press_events/view/179

Source: cve@mitre.org

PatchVendor Advisory

https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.tracker-software.com/company/news_press_events/view/179

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.