Title: PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

ID:
- ZDI-22-1097
- ZDI-CAN-17724

CVE ID: CVE-2022-37369
CVSS Score: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Vendor: PDF-XChange
Affected Product: PDF-XChange Editor

Vulnerability Details:
- Allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor.
- Requires user interaction to exploit: the target must visit a malicious page or open a malicious file.
- The flaw exists in the parsing of PDF files, triggering a write past the end of an allocated buffer.
- An attacker can leverage this to execute code in the context of the current process.

Additional Details: PDF-XChange has issued an update. More details are available at: https://www.tracker-software.com/product/pdf-xchange-editor/history

Disclosure Timeline:
- 2022-06-30: Vulnerability reported to vendor
- 2022-08-18: Coordinated public release of advisory

Credit: Anonymous