CVE-2022-42413: 
PDF-XChange Editor vulnerability analysis and mitigation

A vulnerability in PDF-XChange Editor was discovered related to JP2 file parsing (CVE-2022-42413). The vulnerability was reported on August 23, 2022, and publicly disclosed on October 7, 2022. This security flaw affects PDF-XChange Editor installations and requires user interaction to be exploited (Zero Day Initiative).

The vulnerability is classified as an Out-Of-Bounds Read Information Disclosure vulnerability. The specific flaw exists within the parsing of JP2 files, where crafted data can trigger a read past the end of an allocated buffer. The vulnerability has been assigned a CVSS score of 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N), indicating a relatively low severity (Zero Day Initiative).

When exploited, this vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (Zero Day Initiative).

PDF-XChange has released an update to address this vulnerability. Users are advised to update to the latest version of PDF-XChange Editor (Zero Day Initiative).