Arbitrary Code Execution Vulnerability in Tracker PDF-XChange Viewer and Viewer AX SDK

Arbitrary Code Execution Vulnerability in Tracker PDF-XChange Viewer and Viewer AX SDK

CVE-2018-6462 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.

Learn more about our Web Application Penetration Testing UK.