CVE-2022-42421

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-42421
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18703.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.tracker-software.com/product/pdf-xchange-editor/history Release Notes Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-1393/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:tracker-software:pdf-xchange_editor:*:*:*:*:*:*:*:*
History

28 Jan 2023, 03:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References (N/A) https://www.zerodayinitiative.com/advisories/ZDI-22-1393/ - (N/A) https://www.zerodayinitiative.com/advisories/ZDI-22-1393/ - Third Party Advisory, VDB Entry
References (N/A) https://www.tracker-software.com/product/pdf-xchange-editor/history - (N/A) https://www.tracker-software.com/product/pdf-xchange-editor/history - Release Notes, Vendor Advisory
First Time Tracker-software pdf-xchange Editor
Tracker-software
CPE cpe:2.3:a:tracker-software:pdf-xchange_editor:*:*:*:*:*:*:*:*
CWE CWE-787

26 Jan 2023, 21:17

Type Values Removed Values Added
Summary This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18703. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18703.

26 Jan 2023, 18:59

Type Values Removed Values Added
New CVE
Information

Published : 2023-01-26 18:59

Updated : 2023-12-10 14:48

NVD link : CVE-2022-42421

Mitre link : CVE-2022-42421

CVE.ORG link : CVE-2022-42421

JSON object : View

Products Affected

tracker-software

  • pdf-xchange_editor
CWE
CWE-787

Out-of-bounds Write