CVE-2018-6462

HIGH

PDF-XChange Viewer and Viewer AX SDK < 2.5.322.8 - Remote Code Execution via YCC to RGB Color Space Conversion

Title source: llm
STIX 2.1

Description

Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.tracker-software.com/company/news_press_events/view/179

Scores

CVSS v3 7.8
EPSS 0.0246
EPSS Percentile 82.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
tracker-software/pdf-xchange_viewer < 2.5.322.8
tracker-software/viewer_ax_sdk < 2.5.322.8
Published Jan 31, 2018
Tracked Since Feb 18, 2026