CVE-2018-6462
HIGHPDF-XChange Viewer and Viewer AX SDK < 2.5.322.8 - Remote Code Execution via YCC to RGB Color Space Conversion
Title source: llmDescription
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.tracker-software.com/company/news_press_events/view/179
Various Sources x_refsource_misc
https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt
Scores
CVSS v3
7.8
EPSS
0.0246
EPSS Percentile
82.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (2)
tracker-software/pdf-xchange_viewer
< 2.5.322.8
tracker-software/viewer_ax_sdk
< 2.5.322.8
Published
Jan 31, 2018
Tracked Since
Feb 18, 2026