CVE-2023-39485

Published: May 3, 2024Modified: May 20, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19189.

Affected (4)

Products: Pdf Xchange: Pdf Tools, Pdf Xchange Editor

Pdf Xchange

2 products

Pdf Tools

Pdf Xchange Editor

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Pdf Xchange Pdf Tools	Version 10.0.1.371
Pdf Xchange Pdf Tools	Version 9.4.364.0
Pdf Xchange Pdf Xchange Editor	Version 10.0.1.371
Pdf Xchange Pdf Xchange Editor	Version 9.4.364.0

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.zerodayinitiative.com/advisories/ZDI-23-1124/

Source: zdi-disclosures@trendmicro.com

Third Party Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1124/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.