CVE-2024-8831

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 29, 2024
CWE ID 125

Summary

CVE-2024-8831 is a remote code execution vulnerability affecting PDF-XChange Editor. Malicious XPS files can cause an out-of-bounds read, allowing attackers to execute arbitrary code on affected installations. User interaction, such as visiting a malicious webpage or opening a crafted file, is required for exploitation. The root cause of this issue is insufficient validation of user-supplied XPS file data, resulting in a read beyond the allocated buffer. This vulnerability, previously identified as ZDI-CAN-24316, poses a significant risk to systems using PDF-XChange Editor and should be addressed promptly.
