CVE-2022-37369: PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Frequently Asked Questions
What is the vulnerability ID for this PDF-XChange Editor vulnerability?
The vulnerability ID for this PDF-XChange Editor vulnerability is CVE-2022-37369.
What is the severity level of CVE-2022-37369?
The severity level of CVE-2022-37369 is high with a score of 7.8.
How can remote attackers exploit CVE-2022-37369?
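Exploiting CVE-2022-37369 requires user interaction: the target must visit a malicious page or open a malicious file. Crafted data in the PDF file triggers a write past the end of an allocated buffer, which a remote attacker can leverage to execute arbitrary code in the context of the current process on affected installations of PDF-XChange Editor.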
Which software versions are affected by CVE-2022-37369?
PDF-XChange Editor version 9.3.361.0 is affected by CVE-2022-37369.
Are there any references available for CVE-2022-37369?
Yes, references for CVE-2022-37369 are available at the following links: [PDF-XChange Editor version history](https://www.tracker-software.com/product/pdf-xchange-editor/history) and [ZDI-22-1097 advisory](https://www.zerodayinitiative.com/advisories/ZDI-22-1097/).