CVE-2025-6660

High CVSS: 7.8

PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763.

Vendor

Pdf-xchange

Product

Pdf-tools

CWE

CWE-122

Yayın Tarihi

2025-06-25 22:15:23

Güncelleme

2025-07-07 17:37:13

Source Identifier

zdi-disclosures@trendmicro.com

KEV Date Added

Kategoriler

CWE-122 Pdf-tools HIGH Pdf-xchange 2025

Referanslar

https://www.pdf-xchange.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-25-443/

Benzer Kayıtlar

High

CVE-2025-64085

A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows att…

High

CVE-2025-64086

A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allo…

Medium

CVE-2025-58113

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401…

Medium

CVE-2025-47152

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396…

Medium

CVE-2025-27931

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using…

Low

CVE-2025-6662

PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows r…