CVE-2018-16303 — XML External Entity (XXE) Injection in Editor

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

7.5HIGHNVD

CNA6.5

EPSS

1.0%

top 22.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pdf-xchange Editor

Timeline

PublishedSep 1

Latest updateMay 14

Description

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDpdf-xchange/pdf-xchange_editor7.0.326.1

🔴Vulnerability Details

GHSA

GHSA-55ph-9w63-r34w: PDF-XChange Editor through 7↗2022-05-14

▶

CVEList

CVE-2018-16303: PDF-XChange Editor through 7↗2018-09-01

▶