CVE-2023-42050 — Use After Free in Editor

CWE-416 — Use After Free3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.6%

top 30.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pdf-xchange Editor Pdf-xchange Pdf-tools

Timeline

PublishedMay 3

Description

PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing o…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5pdf-xchange/pdf-xchange_editor9.5.368.0

▶NVDpdf-xchange/pdf-xchange_editor9.5.368.0

▶NVDpdf-xchange/pdf-tools9.5.368.0

🔴Vulnerability Details

GHSA

GHSA-xxr2-w49x-7xv2: PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability↗2024-05-03

▶

CVEList

PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability↗2024-05-03

▶