EUVD-2025-19153
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26713.
Analysis
CVE-2025-6651 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's JP2 image file parser that allows remote code execution when a user opens a malicious PDF or visits a malicious webpage containing an embedded JP2 file. The vulnerability (CVSS 7.8, formerly ZDI-CAN-26713) requires user interaction but results in arbitrary code execution with full process privileges. No public exploit code availability or active KEV status has been confirmed at this time, though the high CVSS and straightforward attack vector (local file opening) suggest meaningful real-world risk.
Technical Context
PDF-XChange Editor is a commercial PDF manipulation application that includes support for various image formats embedded within PDF documents, including JPEG2000 (JP2) images. The vulnerability exists in the JP2 file parser module, which fails to properly validate user-supplied data during image decoding. This results in a CWE-787 (Out-of-bounds Write) condition where the parser writes data past the end of an allocated heap or stack buffer. JPEG2000 parsing is computationally complex with numerous tile, component, and resolution level parameters that can be maliciously crafted. The lack of bounds checking before writing parsed image data creates a classic buffer overflow vulnerability that can be leveraged to corrupt adjacent memory structures and achieve code execution within the PDF-XChange Editor process context.
Affected Products
PDF-XChange Editor (specific versions not disclosed in the provided description). The vulnerability identifier ZDI-CAN-26713 references the Trend Micro Zero Day Initiative disclosure, suggesting this was discovered through their coordinated disclosure program. Affected CPE would be expected in form: cpe:2.3:a:tracker-software:pdf-xchange-editor:*:*:*:*:*:*:*:* with specific version constraints to be determined from vendor advisory. Tracker Software Products (the vendor) has not released version information in the provided data; check Tracker Software advisories and NIST NVD for affected version ranges.
Remediation
Patch availability and specific patched versions have not been provided in the source data. Recommended actions: (1) Contact Tracker Software Products directly or visit their security advisories page for the patched version; (2) As interim mitigation, disable or restrict JP2 image rendering in PDF-XChange Editor if user preferences allow; (3) Educate users not to open PDF files from untrusted sources, particularly those containing images; (4) Implement application whitelisting or sandboxing of PDF-XChange Editor if feasible; (5) Monitor for vendor security bulletin at tracker-software.com; (6) Apply patch immediately upon availability given RCE severity. No known workaround exists for users who must process untrusted PDFs—patching is required.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today