CVE Vulnerability

CVE-2022-24960

A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json Third Party Advisory
https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/ Vendor Advisory
Configurations

Configuration 1
Information

Published : 2022-03-10 05:46

Updated : 2022-03-17 07:33

NVD link : CVE-2022-24960

Mitre link : CVE-2022-24960

Products Affected
No products.
CWE
CWE-416