Pdf-Xchange Editor vulnerabilities
289 known vulnerabilities affecting pdf-xchange/pdf-xchange_editor.
Total CVEs
289
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH166MEDIUM106LOW17
Vulnerabilities
Page 10 of 15
CVE-2023-39495MEDIUMCVSS 5.5v9.5.366.02024-05-03
CVE-2023-39495 [MEDIUM] CWE-749 CVE-2023-39495: PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerabilit
PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici
cvelistv5nvd
CVE-2023-42048MEDIUMCVSS 5.5v10.0.1.371v9.5.368.02024-05-03
CVE-2023-42048 [MEDIUM] CWE-457 CVE-2023-42048: PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. Thi
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi
cvelistv5nvd
CVE-2023-42072MEDIUMCVSS 5.5v9.5.368.02024-05-03
CVE-2023-42072 [MEDIUM] CWE-125 CVE-2023-42072: PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor JPC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
cvelistv5nvd
CVE-2024-27327HIGHCVSS 7.8v10.1.1.3812024-04-01
CVE-2024-27327 [HIGH] CWE-787 CVE-2024-27327: PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vu
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The speci
cvelistv5nvd
CVE-2024-27323HIGHCVSS 7.5v10.1.1.3812024-04-01
CVE-2024-27323 [HIGH] CWE-295 CVE-2024-27323: PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability.
The specific flaw exists within the update functionality. The is
cvelistv5nvd
CVE-2024-27328MEDIUMCVSS 5.5v10.1.1.3812024-04-01
CVE-2024-27328 [MEDIUM] CWE-125 CVE-2024-27328: PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
cvelistv5nvd
CVE-2024-27325MEDIUMCVSS 5.5v10.1.1.3812024-04-01
CVE-2024-27325 [MEDIUM] CWE-125 CVE-2024-27325: PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
cvelistv5nvd
CVE-2024-27326MEDIUMCVSS 5.5v10.1.1.3812024-04-01
CVE-2024-27326 [MEDIUM] CWE-125 CVE-2024-27326: PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
cvelistv5nvd
CVE-2024-27324MEDIUMCVSS 5.5≥ 10.1.1.381, < 10.1.3.383v10.1.1.3812024-04-01
CVE-2024-27324 [MEDIUM] CWE-125 CVE-2024-27324: PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
cvelistv5nvd
CVE-2024-27329MEDIUMCVSS 5.5v10.1.1.3812024-04-01
CVE-2024-27329 [MEDIUM] CWE-125 CVE-2024-27329: PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
cvelistv5nvd
CVE-2024-27330LOWCVSS 3.3v10.1.1.3812024-04-01
CVE-2024-27330 [LOW] CWE-125 CVE-2024-27330: PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Th
cvelistv5nvd
CVE-2024-27331LOWCVSS 3.3v10.1.1.3812024-04-01
CVE-2024-27331 [LOW] CWE-125 CVE-2024-27331: PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Th
cvelistv5nvd
CVE-2024-27332LOWCVSS 3.3v10.1.1.3812024-04-01
CVE-2024-27332 [LOW] CWE-125 CVE-2024-27332: PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vu
PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Th
cvelistv5nvd
CVE-2022-37350HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37350 [HIGH] CWE-125 CVE-2022-37350: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Collab objects. By performing actions in JavaScript, an
cvelistv5nvd
CVE-2022-37357HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37357 [HIGH] CWE-787 CVE-2022-37357: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. Crafted data in an ICO file can trigger a wri
cvelistv5nvd
CVE-2022-37354HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37354 [HIGH] CWE-787 CVE-2022-37354: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a writ
cvelistv5nvd
CVE-2022-37365HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37365 [HIGH] CWE-749 CVE-2022-37365: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that
cvelistv5nvd
CVE-2022-37358HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37358 [HIGH] CWE-787 CVE-2022-37358: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a writ
cvelistv5nvd
CVE-2022-37359HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37359 [HIGH] CWE-416 CVE-2022-37359: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating
cvelistv5nvd
CVE-2022-37363HIGHCVSS 7.8v9.3.361.02023-03-29
CVE-2022-37363 [HIGH] CWE-125 CVE-2022-37363: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a rea
cvelistv5nvd