The vulnerability of PDF-XChange Editor’s document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing attackers to execute arbitrary code.

🗓️ 03 Oct 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 6 Views

Buffer overflow in PDF XChange Editor enables arbitrary code execution via a crafted JPG file.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2023-42111	3 May 202403:15	–	attackerkb
CNNVD	PDF-XChange Editor 安全漏洞	3 May 202400:00	–	cnnvd
CVE	CVE-2023-42111	3 May 202402:13	–	cve
Cvelist	CVE-2023-42111 PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	3 May 202402:13	–	cvelist
EUVD	EUVD-2023-46570	3 Oct 202520:07	–	euvd
NVD	CVE-2023-42111	3 May 202403:15	–	nvd
OSV	CVE-2023-42111	3 May 202403:15	–	osv
Positive Technologies	PT-2023-5584 · Pdf Xchange · Pdf-Xchange Editor	29 Sep 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-42111 PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	3 May 202402:13	–	vulnrichment
Zero Day Initiative	PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	29 Sep 202300:00	–	zdi

Vulners

Node

tracker_software_products pdf-toolsMatch10.1.0.380

OR

tracker_software_products pdf-xchange_editorMatch10.1.0.380

OR

tracker_software_products pdf-xchange_proMatch10.1.0.380

Source	Link
vuldb	www.vuldb.com/
tracker-software	www.tracker-software.com/support/security-bulletins.html
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-1481/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-CAN-22138/

03 Oct 2023 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 27.2

CVSS 37.8

EPSS0.00406

PDF XChange Editor buffer overflow arbitrary code execution crafted JPG file document viewing editing