CVE-2022-37358

7.8 HIGH

📋 TL;DR

CVE-2022-37358 is a buffer overflow vulnerability in PDF-XChange Editor's JPG file parser that allows remote code execution. Attackers can exploit this by tricking users into opening malicious JPG files or visiting malicious web pages. Users of vulnerable PDF-XChange Editor versions are affected.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the current user, potentially leading to credential theft, data exfiltration, or malware installation.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash but no code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

User interaction required (opening malicious file). The vulnerability is well-documented and buffer overflow exploits are common.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Download latest version from tracker-software.com
2. Run installer
3. Restart system
4. Verify version is 9.3.361.0 or higher

🔧 Temporary Workarounds

Disable JPG file handling (Windows)

Prevent PDF-XChange Editor from processing JPG files by modifying file associations:

Control Panel > Default Programs > Set Associations > Change .jpg/.jpeg to open with a different application

Application sandboxing (Windows)

Run PDF-XChange Editor in a restricted environment

🧯 If You Can't Patch

  • Implement application whitelisting to block PDF-XChange Editor execution
  • Deploy network segmentation to limit lateral movement if compromised

🔍 How to Verify

Check if Vulnerable:

Open Help > About in PDF-XChange Editor; a version below 9.3.361.0 is vulnerable.

Check Version:

Get-ItemProperty 'HKLM:\SOFTWARE\Tracker Software\PDFXEditor3' | Select-Object -ExpandProperty Version

Verify Fix Applied:

Confirm version is 9.3.361.0 or higher in Help > About
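
The version check above, expanded into a script as an added example (not part of the original advisory or any vendor tooling). It uses the registry path and Version value quoted on this page and assumes that value holds a dotted version string; the function names are hypothetical. Versions are parsed numerically because a plain string comparison ranks 9.10.x below 9.3.361.0.

```powershell
# Added example. Registry path and 'Version' value name are taken from this page;
# that the value holds a dotted version string is an assumption.
$FixedVersion = [version]'9.3.361.0'
$RegPath      = 'HKLM:\SOFTWARE\Tracker Software\PDFXEditor3'

function ConvertTo-FullVersion {    # hypothetical helper name
    param([Parameter(Mandatory)][string]$Text)
    $v = $null
    if (-not [version]::TryParse($Text.Trim(), [ref]$v)) {
        throw "Not a dotted version string: '$Text'"
    }
    # System.Version reports absent Build/Revision fields as -1, so '9.3.361'
    # would sort below '9.3.361.0'. Pad absent fields with 0 before comparing.
    [version]::new($v.Major, $v.Minor, [Math]::Max($v.Build, 0), [Math]::Max($v.Revision, 0))
}

function Test-PdfXChangeFixed {     # hypothetical helper name
    param([Parameter(Mandatory)][string]$Installed)
    (ConvertTo-FullVersion $Installed) -ge $FixedVersion
}

# Constructed sample strings: numeric result next to the naive string comparison.
foreach ($s in '9.3.360.0', '9.3.361', '9.3.361.0', '9.10.0.0') {
    '{0,-10} numeric: fixed={1,-5} string compare: fixed={2}' -f `
        $s, (Test-PdfXChangeFixed $s), ($s -ge '9.3.361.0')
}

# Live check against the local machine.
$props = Get-ItemProperty -Path $RegPath -ErrorAction SilentlyContinue
if ($null -eq $props -or [string]::IsNullOrWhiteSpace($props.Version)) {
    Write-Output "No Version value under $RegPath; check Help > About instead."
} elseif (Test-PdfXChangeFixed ([string]$props.Version)) {
    Write-Output "Installed $($props.Version): at or above $FixedVersion."
} else {
    Write-Output "Installed $($props.Version): below $FixedVersion, update required."
}
```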

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with JPG file processing
  • Unusual process creation from PDF-XChange Editor

Network Indicators:

  • Outbound connections from PDF-XChange Editor to unusual destinations
  • File downloads to PDF-XChange Editor process

SIEM Query:

process_name="PDFXEdit.exe" AND (event_id=1000 OR parent_process_name!="explorer.exe")
