Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tracker-software Subscribe
Filtered by product Pdf-xchange Viewer
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-18689 13 Apple, Avanquest, Foxitsoftware and 10 more 20 Macos, Expert Pdf Ultimate, Pdf Experte Ultimate and 17 more 2021-01-15 5.0 MEDIUM 5.3 MEDIUM
The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, a Signature Wrapping vulnerability exists in multiple products. An attacker can use /ByteRange and xref manipulations that are not detected by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects eXpert PDF 12 Ultimate, Expert PDF Reader, Nitro Pro, Nitro Reader, PDF Architect 6, PDF Editor 6 Pro, PDF Experte 9 Ultimate, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, PDF-XChange Editor and Viewer, Perfect PDF 10 Premium, Perfect PDF Reader, Soda PDF, and Soda PDF Desktop.
CVE-2018-6462 1 Tracker-software 2 Pdf-xchange Viewer, Viewer Ax Sdk 2019-10-02 6.8 MEDIUM 7.8 HIGH
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
CVE-2010-5245 1 Tracker-software 1 Pdf-xchange Viewer 2018-10-30 6.9 MEDIUM N/A
Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build 54.0 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information.
CVE-2013-0729 1 Tracker-software 1 Pdf-xchange Viewer 2018-10-30 9.3 HIGH N/A
Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file.
CVE-2017-13056 1 Tracker-software 1 Pdf-xchange Viewer 2018-01-09 6.8 MEDIUM 7.8 HIGH
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.