Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
References
Link | Resource |
---|---|
https://www.tracker-software.com/company/news_press_events/view/179 | Patch Vendor Advisory |
https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-01-31 10:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-6462
Mitre link : CVE-2018-6462
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
tracker-software
- pdf-xchange_viewer
- viewer_ax_sdk