CVE-2025-6651

High CVSS: 7.8

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26713.

Vendor

Pdf-xchange

Product

Pdf-tools

CWE

CWE-787

Yayın Tarihi

2025-06-25 22:15:22

Güncelleme

2025-07-01 19:28:16

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-787 Pdf-tools HIGH Pdf-xchange 2025

Referanslar

https://www.pdf-xchange.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-25-436/

Benzer Kayıtlar

High

CVE-2025-64085

A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows att…

High

CVE-2025-64086

A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allo…

Medium

CVE-2025-58113

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401…

Medium

CVE-2025-47152

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396…

Medium

CVE-2025-27931

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using…

Low

CVE-2025-6662

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows r…