CVE-2024-8821

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 416

Summary

CVE-2024-8821 is a newly disclosed vulnerability affecting PDF-XChange Editor. This issue involves the improper handling of U3D files during parsing, leading to a Use-After-Free information disclosure vulnerability. Remote attackers can exploit this flaw by creating specially crafted files or malicious web pages, requiring user interaction to trigger the vulnerability. The lack of object validation allows an attacker to access sensitive information on the affected system. Additionally, this vulnerability may be combined with other weaknesses to execute arbitrary code. This vulnerability was reported as ZDI-CAN-24216 by the Zero Day Initiative.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share