CVE-2022-37374
published 2023-03-29
Priority P3 · 42 · high · 7.8 · CVSS 3.1
AV:L · AC:L · PR:N · UI:R · S:U · C:H · I:H · A:H
EPSS 0.77% · 51.0th percentile
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18068.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pdf-xchange | pdf-xchange_editor | — | — |
CVSS provenance
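| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |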
VulDB
Tracker Software PDF-XChange Editor PNG File Parser use after free (ZDI-22-1102 / EUVD-2022-40008)
vuldb·2026-06-19·CVSS 7.8
CVE-2022-37374 [HIGH] Tracker Software PDF-XChange Editor PNG File Parser use after free (ZDI-22-1102 / EUVD-2022-40008)
A vulnerability classified as critical was found in Tracker Software PDF-XChange Editor. This affects an unknown part of the component PNG File Parser. Executing a manipulation can lead to use after free.
This vulnerability is handled as CVE-2022-37374. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
GHSA
GHSA-mp6x-jhfm-fxfq: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor
ghsa_unreviewed·2023-03-29
CVE-2022-37374 [HIGH] CWE-416 GHSA-mp6x-jhfm-fxfq: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18068.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-29