5 matches found
CVE-2018-18689
CVE-2018-18689 describes a Signature Wrapping issue in PDF signature validation caused by missing guidance in the PDF spec, allowing attackers to manipulate /ByteRange and xref without detection. The vulnerability affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4, as ...
CVE-2013-0729
The CVE-2013-0729 entry corresponds to a heap-based buffer overflow in Tracker Software PDF-XChange Viewer prior to 2.5.208, exploitable via a crafted Define Huffman Table header in a JPEG image stream embedded in a PDF. The affected component is the JPEG processing/parsing within the PDF pipelin...
CVE-2017-13056
The CVE-2017-13056 entry concerns PDF-XChange Viewer 2.5 (Build 314.0) and its launchURL function. Multiple connected sources (CNVD-2018-01636, NVD, CVE records, and PacketStorm) confirm a remote code execution vulnerability caused by a flaw in the app.launchURL path that accepts a crafted PDF fi...
CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK prior to 2.5.322.8 are affected by a vulnerability in YCC to RGB color-space conversion that uses 1 bpc instead of 8 bpc, allowing remote code execution via a crafted PDF document. Affected products: Tracker PDF-XChange Viewer and Viewer AX SDK. Root c...
CVE-2010-5245
CVE-2010-5245 describes an untrusted search path vulnerability (DLL hijacking) in PDF-XChange Viewer 2.0 Build 54.0. A local attacker can gain privileges by placing a malicious wintab32.dll in the current working directory, as demonstrated with a directory containing a .pdf file. The root cause i...