First published: Wed Jan 31 2018(Updated: )
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tracker-software Pdf-xchange Viewer | <2.5.322.8 | |
Tracker-software Viewer Ax Sdk | <2.5.322.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6462 is a vulnerability that affects Tracker PDF-XChange Viewer and Viewer AX SDK before version 2.5.322.8.
CVE-2018-6462 has a severity rating of 7.8, which is considered high.
CVE-2018-6462 occurs when Tracker PDF-XChange Viewer and Viewer AX SDK mishandle the conversion from YCC to RGB color spaces by miscalculating on the basis of 1 bpc instead of 8 bpc, allowing remote attackers to potentially execute arbitrary code through a crafted PDF document.
CVE-2018-6462 affects Tracker PDF-XChange Viewer before version 2.5.322.8 and Tracker Viewer AX SDK before version 2.5.322.8.
To fix CVE-2018-6462, it is recommended to upgrade Tracker PDF-XChange Viewer and Tracker Viewer AX SDK to version 2.5.322.8 or later.