Описание
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.322.8 (исключая)Версия до 2.5.322.8 (исключая)
Одно из
cpe:2.3:a:tracker-software:pdf-xchange_viewer:*:*:*:*:*:*:*:*
cpe:2.3:a:tracker-software:viewer_ax_sdk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00682
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
EPSS
Процентиль: 71%
0.00682
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-787