Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pdf-xchange vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2013-0729
Heap-based buffer overflow in Tracker Software PDF-XChange prior to 2.5.208 allows remote malicious users to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file.
Tracker-software Pdf-xchange Viewer
9.3
CVSSv2
CVE-2012-5324
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote malicious users to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key...
Tracker-software Pdf-xchange 3.60.0128
1 EDB exploit
6.9
CVSSv2
CVE-2010-5245
Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained...
Tracker-software Pdf-xchange Viewer 2.0.54.0
6.8
CVSSv2
CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK prior to 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote malicious users to execute arbitrary code via a crafted PDF document.
Tracker-software Viewer Ax Sdk
Tracker-software Pdf-xchange Viewer
6.8
CVSSv2
CVE-2017-13056
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote malicious users to execute arbitrary code via a crafted PDF file.
Tracker-software Pdf-xchange Viewer 2.5
1 EDB exploit
5
CVSSv2
CVE-2018-18689
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations th...
Avanquest Expert Pdf Ultimate 12.0.20
Avanquest Pdf Experte Ultimate 9.0.270
Foxitsoftware Foxit Reader 9.1.0
Foxitsoftware Foxit Reader 9.2.0.9297
Foxitsoftware Foxit Reader 9.3.0.10826
Gonitro Nitro Pro 11.0.3.173
Gonitro Nitro Reader 5.5.9.2
Iskysoft Pdf Editor 6 6.4.2.3521
Iskysoft Pdfelement6 6.8.0.3523
Iskysoft Pdfelement6 6.8.4.3921
Pdfforge Pdf Architect 6.0.37
Pdfforge Pdf Architect 6.1.24.1862
Qoppa Pdf Studio 12.0.7
Qoppa Pdf Studio Viewer 2018 2018.0.1
Qoppa Pdf Studio Viewer 2018 2018.2.0
Sodapdf Soda Pdf 9.3.17
Sodapdf Soda Pdf Desktop 10.2.09
Sodapdf Soda Pdf Desktop 10.2.16.1217
Soft-xpansion Perfect Pdf 10 10.0.0.1
Soft-xpansion Perfect Pdf Reader 13.0.3
Soft-xpansion Perfect Pdf Reader 13.1.5
Tracker-software Pdf-xchange Editor 7.0.237.1
5
CVSSv2
CVE-2018-16303
PDF-XChange Editor up to and including 7.0.326.1 allows remote malicious users to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564.
Tracker-software Pdf-xchange Editor
4.3
CVSSv2
CVE-2019-17497
Tracker PDF-XChange Editor prior to 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.
Tracker-software Pdf-xchange Editor
1 Github repository
NA
CVE-2023-42040
PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must ...
NA
CVE-2023-42041
PDF-XChange Editor Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the tar...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »