CVE-2025-64085
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pdf-xchange | pdf-xchange_editor | 10.7.3.401 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the importDataObject() function of PDF-XChange Editor version 10.7.3.401. It allows attackers to cause a Denial of Service (DoS) by providing specially crafted input that triggers the error.
How can this vulnerability impact me? :
The vulnerability can cause the PDF-XChange Editor application to crash or become unavailable, resulting in a Denial of Service (DoS) condition.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or Denial of Service events in PDF-XChange Editor when processing PDF files, especially those invoking the importDataObject() function with crafted inputs. Specifically, look for application crashes with Access Violation (code c0000005) errors related to malformed URI schemes or file paths in PDFs. There are no specific commands provided in the resources to detect this vulnerability on your system or network. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the vendor patch released after the vulnerability was reported. Avoid opening or processing untrusted or suspicious PDF files that may exploit the importDataObject() function. Until patched, restrict usage of PDF-XChange Editor version 10.7.3.401 or earlier versions vulnerable to this issue. [2]