CVE-2022-37356: 
PDF-XChange Editor vulnerability analysis and mitigation

This vulnerability (CVE-2022-37356) affects PDF-XChange Editor and allows remote attackers to execute arbitrary code on affected installations. The vulnerability was discovered and reported on June 7, 2022, and publicly disclosed on August 18, 2022. The vulnerability specifically exists within the parsing of JPG files, where user interaction is required for exploitation by visiting a malicious page or opening a malicious file (Zero Day Initiative).

The vulnerability is classified as an Out-of-Bounds Write (CWE-787) issue. When parsing JPG files, crafted data can trigger a write past the end of an allocated buffer. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability allows attackers to execute code in the context of the current process, potentially leading to complete system compromise. The high CVSS score reflects the severe potential impact on confidentiality, integrity, and availability of the affected system (Zero Day Initiative).

PDF-XChange has issued an update to correct this vulnerability. Users are advised to update to the latest version of the software (Tracker Software).