CVE-2024-8841

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 125

Summary

CVE-2024-8841 is an Information Disclosure vulnerability affecting PDF-XChange Editor. The flaw is rooted in the improper validation of user-supplied data during PDF file parsing. This can lead to an Out-Of-Bounds Read condition, allowing remote attackers to access sensitive information on affected systems. Exploitation requires the target to visit a malicious webpage or open a crafted PDF file. Though not directly stated, this vulnerability may also serve as a stepping stone for attackers to execute arbitrary code. The similar ZDI-CAN-24432 report was disclosed prior to the CVE.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share