CVE-2022-37355: 
PDF-XChange Editor vulnerability analysis and mitigation

This vulnerability (CVE-2022-37355) affects PDF-XChange Editor and was disclosed on August 18, 2022. The vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor through malicious JPG file parsing. User interaction is required as the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files, where crafted data can trigger a write past the end of an allocated buffer (Zero Day Initiative).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH with the vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) and affects PDF-XChange Editor version 9.3.361.0 (Zero Day Initiative, NVD).

If successfully exploited, this vulnerability allows attackers to execute code in the context of the current process. Given the high CVSS score and the potential for arbitrary code execution, this vulnerability could lead to complete system compromise within the scope of the affected application's privileges (Zero Day Initiative).

PDF-XChange has issued an update to correct this vulnerability. Users should update to the latest version of PDF-XChange Editor to protect against this vulnerability (Zero Day Initiative, Tracker Software).