Filtered by vendor Tracker-software
Subscribe
Total
73 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42386 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18655. | |||||
CVE-2022-42412 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18324. | |||||
CVE-2022-42411 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18306. | |||||
CVE-2022-42413 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18368. | |||||
CVE-2022-42390 | 1 Tracker-software | 1 Pdf-xchange Editor | 2023-01-27 | N/A | 5.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18659. | |||||
CVE-2018-18689 | 13 Apple, Avanquest, Foxitsoftware and 10 more | 20 Macos, Expert Pdf Ultimate, Pdf Experte Ultimate and 17 more | 2021-01-15 | 5.0 MEDIUM | 5.3 MEDIUM |
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop. | |||||
CVE-2019-17497 | 1 Tracker-software | 1 Pdf-xchange Editor | 2019-10-16 | 4.3 MEDIUM | 6.5 MEDIUM |
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction. | |||||
CVE-2018-6462 | 1 Tracker-software | 2 Pdf-xchange Viewer, Viewer Ax Sdk | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. | |||||
CVE-2018-16303 | 1 Tracker-software | 1 Pdf-xchange Editor | 2018-10-31 | 5.0 MEDIUM | 7.5 HIGH |
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564. | |||||
CVE-2010-5245 | 1 Tracker-software | 1 Pdf-xchange Viewer | 2018-10-30 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-0729 | 1 Tracker-software | 1 Pdf-xchange Viewer | 2018-10-30 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file. | |||||
CVE-2017-13056 | 1 Tracker-software | 1 Pdf-xchange Viewer | 2018-01-09 | 6.8 MEDIUM | 7.8 HIGH |
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
CVE-2012-5324 | 1 Tracker-software | 1 Pdf-xchange | 2017-09-01 | 9.3 HIGH | N/A |
Multiple buffer overflows in the Pdf Printer Preferences ActiveX Control in pdfxctrl.dll in Tracker Software PDF-XChange 3.60.0128 allow remote attackers to execute arbitrary code via a long string in the (1) sub_path parameter to the StoreInRegistry function or (2) sub_key parameter to the InitFromRegistry function. |