The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.

🗓️ 26 Sep 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The PDF-XChange Editor buffer overflow allows arbitrary code execution via a crafted JB2 format file.

Reporter	Title	Published	Views	Family All 10
CNNVD	PDF-XChange Editor 缓冲区错误漏洞	22 Nov 202400:00	–	cnnvd
CVE	CVE-2024-8840	22 Nov 202421:05	–	cve
Cvelist	CVE-2024-8840 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	22 Nov 202421:05	–	cvelist
EUVD	EUVD-2024-49568	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8840	22 Nov 202421:15	–	nvd
OSV	CVE-2024-8840	22 Nov 202421:15	–	osv
Tenable Nessus	PDF-XChange Editor < 10.4.0.387 Multiple Vulnerabilities	20 Sep 202400:00	–	nessus
Positive Technologies	PT-2024-6416 · Unknown · Pdf-Xchange Editor	16 Sep 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-8840 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	22 Nov 202421:05	–	vulnrichment
Zero Day Initiative	PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability	17 Sep 202400:00	–	zdi

Vulners

Node

tracker_software_products pdf-xchange_editorRange<10.3.1.387

Source	Link
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2024-09-23.1.pdf
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-1263/
pdf-xchange	www.pdf-xchange.com/index.php/support/security-bulletins.html
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-1263/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24420/

26 Sep 2024 00:00Current

8High risk

Vulners AI Score8

CVSS 27.2

CVSS 37.8

EPSS0.00457

PDF-XChange Editor Buffer overflow Arbitrary code execution JB2 format