Skip to main content

Pdf Xchange Editor CVE-2025-6651

| EUVDEUVD-2025-19153 HIGH
Out-of-bounds Write (CWE-787)
2025-06-25 zdi-disclosures@trendmicro.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-19153
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
CVE Published
Jun 25, 2025 - 22:15 nvd
HIGH 7.8

DescriptionCVE.org

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26713.

AnalysisAI

CVE-2025-6651 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's JP2 image file parser that allows remote code execution when a user opens a malicious PDF or visits a malicious webpage containing an embedded JP2 file. The vulnerability (CVSS 7.8, formerly ZDI-CAN-26713) requires user interaction but results in arbitrary code execution with full process privileges. No public exploit code availability or active KEV status has been confirmed at this time, though the high CVSS and straightforward attack vector (local file opening) suggest meaningful real-world risk.

Technical ContextAI

PDF-XChange Editor is a commercial PDF manipulation application that includes support for various image formats embedded within PDF documents, including JPEG2000 (JP2) images. The vulnerability exists in the JP2 file parser module, which fails to properly validate user-supplied data during image decoding. This results in a CWE-787 (Out-of-bounds Write) condition where the parser writes data past the end of an allocated heap or stack buffer. JPEG2000 parsing is computationally complex with numerous tile, component, and resolution level parameters that can be maliciously crafted. The lack of bounds checking before writing parsed image data creates a classic buffer overflow vulnerability that can be leveraged to corrupt adjacent memory structures and achieve code execution within the PDF-XChange Editor process context.

RemediationAI

Patch availability and specific patched versions have not been provided in the source data. Recommended actions: (1) Contact Tracker Software Products directly or visit their security advisories page for the patched version; (2) As interim mitigation, disable or restrict JP2 image rendering in PDF-XChange Editor if user preferences allow; (3) Educate users not to open PDF files from untrusted sources, particularly those containing images; (4) Implement application whitelisting or sandboxing of PDF-XChange Editor if feasible; (5) Monitor for vendor security bulletin at tracker-software.com; (6) Apply patch immediately upon availability given RCE severity. No known workaround exists for users who must process untrusted PDFs—patching is required.

CVE-2018-16303 HIGH POC
7.5 Sep 01

PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a c

CVE-2025-58113 MEDIUM POC
6.5 Dec 02

An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.7.3.401

CVE-2025-0903 HIGH
8.8 Feb 11

PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity

CVE-2025-0910 HIGH
8.8 Feb 11

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8

CVE-2025-0899 HIGH
8.8 Feb 11

PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vul

CVE-2025-0901 HIGH
8.8 Feb 11

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), th

CVE-2025-0911 HIGH
8.8 Feb 11

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8

CVE-2025-0909 HIGH
8.8 Feb 11

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8

CVE-2025-0908 HIGH
8.8 Feb 11

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8

CVE-2025-0907 HIGH
8.8 Feb 11

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8

CVE-2025-0906 HIGH
8.8 Feb 11

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8

CVE-2025-0905 HIGH
8.8 Feb 11

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8

Share

CVE-2025-6651 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy