Pdf-Xchange Editor vulnerabilities
289 known vulnerabilities affecting pdf-xchange/pdf-xchange_editor.
Total CVEs
289
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH166MEDIUM106LOW17
Vulnerabilities
Page 9 of 15
CVE-2022-42380P3HIGHCVSS 7.8fixed in 9.5.366.0v9.4.363.02023-01-26
CVE-2022-42380 [HIGH] CWE-787 CVE-2022-42380: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a writ
nvd
CVE-2022-42381P3HIGHCVSS 7.8fixed in 9.5.366.0v9.4.363.02023-01-26
CVE-2022-42381 [HIGH] CWE-787 CVE-2022-42381: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a writ
nvd
CVE-2023-24308P3HIGHCVSS 7.8v9.32023-03-28
CVE-2023-24308 [HIGH] CWE-755 CVE-2023-24308: A potential memory vulnerability due to insufficient input validation in PDFXEditCore.x64.dll in PDF
A potential memory vulnerability due to insufficient input validation in PDFXEditCore.x64.dll in PDF-XChange Editor version 9.3 by Tracker Software may allow attackers to execute code when a user opens a crafted PDF file. The issue occurs when handling a large number of objects in a PDF file.
nvd
CVE-2019-17497P4MEDIUMCVSS 6.5fixed in 8.0.330.02019-10-11
CVE-2019-17497 [MEDIUM] CVE-2019-17497: Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted F
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.
nvd
CVE-2025-58113P3MEDIUMCVSS 6.5v10.7.3.4012025-12-02
CVE-2025-58113 [MEDIUM] CWE-125 CVE-2025-58113: An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChan
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
nvd
CVE-2025-64086P4HIGHCVSS 7.5v10.7.3.4012025-12-09
CVE-2025-64086 [HIGH] CWE-476 CVE-2025-64086: A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Edi
A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
nvd
CVE-2025-27931P4MEDIUMCVSS 6.5v10.5.2.3952025-08-05
CVE-2025-27931 [MEDIUM] CWE-125 CVE-2025-27931: An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
nvd
CVE-2025-64085P4HIGHCVSS 7.5v10.7.3.4012025-12-09
CVE-2025-64085 [HIGH] CWE-476 CVE-2025-64085: A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v1
A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
nvd
CVE-2025-47152P4MEDIUMCVSS 6.5v10.6.0.3962025-08-05
CVE-2025-47152 [MEDIUM] CWE-125 CVE-2025-47152: An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChan
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
nvd
CVE-2018-16303P4HIGHCVSS 7.5≤ 7.0.326.12018-09-01
CVE-2018-16303 [HIGH] CVE-2018-16303: PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.
nvd
CVE-2018-18689P4MEDIUMCVSS 5.3v7.0.237.1v7.0.3262021-01-07
CVE-2018-18689 [MEDIUM] CWE-347 CVE-2018-18689: The Portable Document Format (PDF) specification does not provide any information regarding the conc
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Fox
nvd
CVE-2023-42046P4MEDIUMCVSS 5.5v10.0.1.371v9.5.368.02024-05-03
CVE-2023-42046 [MEDIUM] CWE-457 CVE-2023-42046: PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. Thi
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi
nvd
CVE-2023-42056P4MEDIUMCVSS 5.5v9.5.368.02024-05-03
CVE-2023-42056 [MEDIUM] CWE-457 CVE-2023-42056: PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability. Thi
PDF-XChange Editor U3D File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi
nvd
CVE-2023-42079P4MEDIUMCVSS 5.5v10.0.1.3712024-05-03
CVE-2023-42079 [MEDIUM] CWE-457 CVE-2023-42079: PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. Thi
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi
nvd
CVE-2023-42048P4MEDIUMCVSS 5.5v10.0.1.371v9.5.368.02024-05-03
CVE-2023-42048 [MEDIUM] CWE-457 CVE-2023-42048: PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. Thi
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi
nvd
CVE-2023-39484P4MEDIUMCVSS 5.5v10.0.1.371v9.4.362.02024-05-03
CVE-2023-39484 [MEDIUM] CWE-457 CVE-2023-39484: PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability. Thi
PDF-XChange Editor PDF File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fi
nvd
CVE-2022-37368P4MEDIUMCVSS 5.5v9.3.361.02023-03-29
CVE-2022-37368 [MEDIUM] CWE-125 CVE-2022-37368: This vulnerability allows remote attackers to disclose sensitive information on affected installatio
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScr
nvd
CVE-2023-27338P4MEDIUMCVSS 5.5v9.4.362.0v9.4.363.02024-05-03
CVE-2023-27338 [MEDIUM] CWE-416 CVE-2023-27338: PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulner
PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The
nvd
CVE-2023-42050P4MEDIUMCVSS 5.5v9.5.368.02024-05-03
CVE-2023-42050 [MEDIUM] CWE-416 CVE-2023-42050: PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulner
PDF-XChange Editor EMF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The
nvd
CVE-2024-8821P4MEDIUMCVSS 5.5v10.3.0.3862024-11-22
CVE-2024-8821 [MEDIUM] CWE-416 CVE-2024-8821: PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulner
PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The s
nvd