CVE-2018-6462

NONE EPSS 82.8%
Published Jan 31, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 31, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

Threat Intelligence

EPSS Exploit Probability
82.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 2

VendorProductVersionRange
tracker-softwarepdf-xchange_viewer* <2.5.322.8
tracker-softwareviewer_ax_sdk* <2.5.322.8

References 2

  • herolab.usd.de https://herolab.usd.de/wp-content/uploads/sites/4/2018/07/usd20180019.txt
  • tracker-software.com https://www.tracker-software.com/company/news_press_events/view/179
    PatchVendor Advisory

Remediation

  • tracker-software.com https://www.tracker-software.com/company/news_press_events/view/179
    PatchVendor Advisory