CVE-2024-8840
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 125
Summary
CVE-2024-8840 is a remote code execution vulnerability affecting PDF-XChange Editor. A malicious JB2 file can trigger an out-of-bounds read in the software, leading to arbitrary code execution. The flaw stems from insufficient validation of user-supplied data during file parsing. Attackers can exploit this vulnerability by luring users to visit malicious webpages or open malicious files, which results in the attacker's code executing in the affected system's context. This vulnerability was previously identified as ZDI-CAN-24420.