CVE-2024-8819

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 125

Summary

CVE-2024-8819 is an Information Disclosure vulnerability in PDF-XChange Editor's U3D file parsing functionality. This weakness allows remote attackers to read sensitive information from affected systems. The vulnerability arises due to insufficient validation of user-supplied data, leading to an Out-of-Bounds Read condition. To exploit this issue, users must visit a malicious website or open a malicious file. While this vulnerability does not directly result in code execution, it can be combined with other flaws to achieve that goal. (Was ZDI-CAN-24214)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share