CVE-2024-8845

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published: Nov 22, 2024
Updated: Dec 4, 2024
CWE ID: 125

Summary

CVE-2024-8845 is a new information disclosure vulnerability affecting PDF-XChange Editor. The issue stems from an out-of-bounds read flaw in PDF file parsing: when the software processes a malicious PDF file, an attacker can force it to read past the allocated buffer, revealing sensitive information. Exploitation requires user interaction, as the target must visit a malicious webpage or open a malicious file. This flaw does not directly allow arbitrary code execution, but an attacker may combine it with other vulnerabilities to achieve that goal. The vulnerability was identified and reported as ZDI-CAN-24553 by the Zero Day Initiative.
