Skip to main content

Pdf Tools

59 CVEs product

Monthly

CVE-2025-6661 HIGH This Week

CVE-2025-6661 is a use-after-free vulnerability in PDF-XChange Editor that allows remote code execution when users open malicious PDF files or visit compromised websites. The vulnerability exploits improper object validation in App object handling, enabling attackers to execute arbitrary code with the privileges of the current user. With a CVSS score of 7.8 and local attack vector requiring user interaction, this represents a significant risk to PDF-XChange Editor users, particularly in environments where documents from untrusted sources are frequently processed.

RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6660 HIGH This Week

CVE-2025-6660 is a heap-based buffer overflow vulnerability in PDF-XChange Editor's GIF file parsing engine that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious GIF files or visit compromised web pages hosting malicious GIFs, requiring user interaction for exploitation. The flaw stems from inadequate validation of user-supplied data lengths before copying to fixed-length buffers, allowing attackers to overwrite heap memory and execute arbitrary code in the application's context.

Heap Overflow RCE Buffer Overflow Adobe Pdf Tools +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6659 HIGH This Week

CVE-2025-6659 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that allows remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects PDF-XChange Editor users who open malicious PRC files or visit compromised websites, requiring user interaction but no special privileges. While the vulnerability demonstrates significant local exploitation potential, real-world risk depends on KEV/CISA status, EPSS probability data, and proof-of-concept availability, which would indicate active threat actor interest.

RCE Buffer Overflow Adobe Pdf Xchange Pro Pdf Xchange Editor +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6654 HIGH This Week

CVE-2025-6654 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor installations when users open malicious PRC files or visit compromised web pages, allowing attackers to execute arbitrary code in the application's context. The vulnerability (formerly tracked as ZDI-CAN-26729) requires user interaction but poses significant risk due to the ubiquity of PDF applications and the high impact of code execution.

RCE Buffer Overflow Adobe Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6651 HIGH This Week

CVE-2025-6651 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's JP2 image file parser that allows remote code execution when a user opens a malicious PDF or visits a malicious webpage containing an embedded JP2 file. The vulnerability (CVSS 7.8, formerly ZDI-CAN-26713) requires user interaction but results in arbitrary code execution with full process privileges. No public exploit code availability or active KEV status has been confirmed at this time, though the high CVSS and straightforward attack vector (local file opening) suggest meaningful real-world risk.

RCE Buffer Overflow Adobe Pdf Xchange Editor Pdf Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6647 HIGH This Week

CVE-2025-6647 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's U3D file parsing engine that enables remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects users who open malicious PDF files or embedded U3D objects, requiring only user interaction to exploit. This is a memory corruption flaw in a widely-used PDF editor with moderate attack complexity, making it a practical threat to enterprise environments handling untrusted documents.

RCE Buffer Overflow Adobe Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6645 HIGH This Week

CVE-2025-6645 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files; attackers can execute arbitrary code in the application's process context, requiring only user interaction to open a malicious file or visit a compromised webpage. The vulnerability was previously tracked as ZDI-CAN-26642 and represents a critical remote code execution risk for users of this widely-used PDF editor.

RCE Use After Free Adobe Pdf Xchange Editor Pdf Tools
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6644 HIGH This Week

CVE-2025-6644 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files or standalone U3D files, requiring only user interaction to exploit. The flaw stems from insufficient object validation before dereferencing, enabling attackers to execute arbitrary code in the application context; exploitation likelihood and active KEV status would indicate real-world threat priority.

RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6642 HIGH This Week

CVE-2025-6642 is a critical out-of-bounds read vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with user interaction. The vulnerability affects PDF-XChange Editor across multiple versions and stems from improper validation of U3D file data structures, enabling attackers to read beyond allocated memory boundaries and execute arbitrary code in the application's context. While this vulnerability currently shows a CVSS 7.8 score indicating high severity, real-world exploitation requires user interaction (opening a malicious PDF or visiting a malicious page), moderating immediate organizational risk.

RCE Buffer Overflow Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-6640 HIGH This Week

CVE-2025-6640 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parsing engine that allows remote code execution when a user opens a malicious PDF or visits a compromised webpage containing a specially crafted U3D file. The vulnerability stems from insufficient object validation before operations, enabling arbitrary code execution in the context of the affected application with high impact on confidentiality, integrity, and availability. This is a local attack vector requiring user interaction, with a CVSS score of 7.8 indicating high severity.

RCE Use After Free Adobe Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2231 HIGH This Week

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2024-8849 MEDIUM This Month

PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8848 MEDIUM This Month

PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8847 HIGH This Week

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8846 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8845 MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8844 MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8843 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8842 HIGH This Week

PDF-XChange Editor RTF File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8841 MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8840 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8839 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8838 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8837 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8836 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8835 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8834 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8833 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8832 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8831 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8830 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8829 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8828 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8827 HIGH This Week

PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8826 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8825 HIGH This Week

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-8824 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8823 MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8822 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8821 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Tools +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-8820 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8819 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8818 HIGH This Week

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8817 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8816 MEDIUM This Month

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE Memory Corruption Pdf Tools +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-8815 HIGH This Week

PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8814 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8813 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-8812 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27332 LOW Monitor

PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2024-27331 LOW Monitor

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2024-27330 LOW Monitor

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.0
3.3
EPSS
0.4%
CVE-2024-27329 MEDIUM This Month

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27328 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27327 HIGH This Week

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-27326 MEDIUM This Month

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27325 MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27324 MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-27323 HIGH This Week

PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Pdf Tools Pdf Xchange Editor
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6661 is a use-after-free vulnerability in PDF-XChange Editor that allows remote code execution when users open malicious PDF files or visit compromised websites. The vulnerability exploits improper object validation in App object handling, enabling attackers to execute arbitrary code with the privileges of the current user. With a CVSS score of 7.8 and local attack vector requiring user interaction, this represents a significant risk to PDF-XChange Editor users, particularly in environments where documents from untrusted sources are frequently processed.

RCE Pdf Tools Pdf Xchange Editor
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6660 is a heap-based buffer overflow vulnerability in PDF-XChange Editor's GIF file parsing engine that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious GIF files or visit compromised web pages hosting malicious GIFs, requiring user interaction for exploitation. The flaw stems from inadequate validation of user-supplied data lengths before copying to fixed-length buffers, allowing attackers to overwrite heap memory and execute arbitrary code in the application's context.

Heap Overflow RCE Buffer Overflow +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6659 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that allows remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects PDF-XChange Editor users who open malicious PRC files or visit compromised websites, requiring user interaction but no special privileges. While the vulnerability demonstrates significant local exploitation potential, real-world risk depends on KEV/CISA status, EPSS probability data, and proof-of-concept availability, which would indicate active threat actor interest.

RCE Buffer Overflow Adobe +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6654 is an out-of-bounds write vulnerability in PDF-XChange Editor's PRC file parser that enables remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor installations when users open malicious PRC files or visit compromised web pages, allowing attackers to execute arbitrary code in the application's context. The vulnerability (formerly tracked as ZDI-CAN-26729) requires user interaction but poses significant risk due to the ubiquity of PDF applications and the high impact of code execution.

RCE Buffer Overflow Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6651 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's JP2 image file parser that allows remote code execution when a user opens a malicious PDF or visits a malicious webpage containing an embedded JP2 file. The vulnerability (CVSS 7.8, formerly ZDI-CAN-26713) requires user interaction but results in arbitrary code execution with full process privileges. No public exploit code availability or active KEV status has been confirmed at this time, though the high CVSS and straightforward attack vector (local file opening) suggest meaningful real-world risk.

RCE Buffer Overflow Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6647 is a critical out-of-bounds write vulnerability in PDF-XChange Editor's U3D file parsing engine that enables remote code execution with high integrity and confidentiality impact (CVSS 7.8). The vulnerability affects users who open malicious PDF files or embedded U3D objects, requiring only user interaction to exploit. This is a memory corruption flaw in a widely-used PDF editor with moderate attack complexity, making it a practical threat to enterprise environments handling untrusted documents.

RCE Buffer Overflow Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6645 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files; attackers can execute arbitrary code in the application's process context, requiring only user interaction to open a malicious file or visit a compromised webpage. The vulnerability was previously tracked as ZDI-CAN-26642 and represents a critical remote code execution risk for users of this widely-used PDF editor.

RCE Use After Free Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6644 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects PDF-XChange Editor across multiple versions when processing malicious U3D-embedded PDF files or standalone U3D files, requiring only user interaction to exploit. The flaw stems from insufficient object validation before dereferencing, enabling attackers to execute arbitrary code in the application context; exploitation likelihood and active KEV status would indicate real-world threat priority.

RCE Pdf Tools Pdf Xchange Editor
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6642 is a critical out-of-bounds read vulnerability in PDF-XChange Editor's U3D file parser that allows remote code execution with user interaction. The vulnerability affects PDF-XChange Editor across multiple versions and stems from improper validation of U3D file data structures, enabling attackers to read beyond allocated memory boundaries and execute arbitrary code in the application's context. While this vulnerability currently shows a CVSS 7.8 score indicating high severity, real-world exploitation requires user interaction (opening a malicious PDF or visiting a malicious page), moderating immediate organizational risk.

RCE Buffer Overflow Pdf Tools +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-6640 is a use-after-free vulnerability in PDF-XChange Editor's U3D file parsing engine that allows remote code execution when a user opens a malicious PDF or visits a compromised webpage containing a specially crafted U3D file. The vulnerability stems from insufficient object validation before operations, enabling arbitrary code execution in the context of the affected application with high impact on confidentiality, integrity, and availability. This is a local attack vector requiring user interaction, with a CVSS score of 7.8 indicating high severity.

RCE Use After Free Adobe +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor RTF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor RTF File Parsing Uninitialized Variable Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Pdf Tools Pdf Xchange Editor
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure RCE +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Pdf Tools +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Pdf Tools Pdf Xchange Editor
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy