CVE-2025-6660
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-07
Assigner: Zero Day Initiative
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pdf-xchange | pdf-tools | 10.5.2.395 |
| pdf-xchange | pdf-xchange_editor | 10.5.2.395 |
| pdf-xchange | pdf-xchange_pro | 10.5.2.395 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow in the GIF file parsing component of PDF-XChange Editor. It occurs because the software does not properly validate the length of user-supplied data before copying it into a fixed-length buffer on the heap. Exploiting this flaw requires user interaction, such as opening a malicious file or visiting a malicious webpage, and allows remote attackers to execute arbitrary code within the context of the affected process.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the PDF-XChange Editor process. This could lead to unauthorized actions such as installing malware, stealing data, or taking control of the affected system. Exploitation requires user interaction, like opening a malicious file or visiting a malicious webpage.