CVE-2024-8830
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 787
Summary
CVE-2024-8830 is a remote code execution vulnerability affecting PDF-XChange Editor. Malicious XPS files can cause an out-of-bounds write issue during parsing, which attackers can exploit to execute arbitrary code on affected systems. This requires user interaction, such as visiting a malicious webpage or opening a malicious file. The vulnerability stems from insufficient validation of user-supplied data in the XPS file parser, resulting in a write past the end of an allocated buffer. This issue was identified as ZDI-CAN-24315.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- PDF-XChange Editor