This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18703.
References
Link | Resource |
---|---|
https://www.tracker-software.com/product/pdf-xchange-editor/history | Release Notes Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-1393/ | Third Party Advisory VDB Entry |
Configurations
History
28 Jan 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (N/A) https://www.zerodayinitiative.com/advisories/ZDI-22-1393/ - Third Party Advisory, VDB Entry | |
References | (N/A) https://www.tracker-software.com/product/pdf-xchange-editor/history - Release Notes, Vendor Advisory | |
First Time |
Tracker-software pdf-xchange Editor
Tracker-software |
|
CPE | cpe:2.3:a:tracker-software:pdf-xchange_editor:*:*:*:*:*:*:*:* | |
CWE | CWE-787 |
26 Jan 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
Summary | This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18703. |
26 Jan 2023, 18:59
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-26 18:59
Updated : 2023-12-10 14:48
NVD link : CVE-2022-42421
Mitre link : CVE-2022-42421
CVE.ORG link : CVE-2022-42421
JSON object : View
Products Affected
tracker-software
- pdf-xchange_editor
CWE
CWE-787
Out-of-bounds Write