CVE-2022-37360

5.5 MEDIUM

📋 TL;DR

CVE-2022-37360 is an out-of-bounds read vulnerability in PDF-XChange Editor's EMF file parser that allows remote attackers to disclose sensitive information. Users who open malicious EMF files or visit malicious web pages are affected. This vulnerability can be combined with other exploits to potentially execute arbitrary code.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with affected versions are vulnerable when processing EMF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers combine this information disclosure with other vulnerabilities to achieve remote code execution in the context of the current user, potentially leading to full system compromise.

🟠 Likely Case

Sensitive memory contents are disclosed, which could include passwords, encryption keys, or other application data that could facilitate further attacks.

🟢 If Mitigated

With proper security controls, the impact is limited to information disclosure without code execution, though sensitive data may still be exposed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

User interaction is required (opening a malicious file or visiting a malicious page). Code execution requires combining this flaw with other vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Download the latest version from tracker-software.com
2. Run the installer
3. Restart the system after installation

🔧 Temporary Workarounds

Disable EMF file processing

Prevent PDF-XChange Editor from processing EMF files through registry modification

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Tracker Software\PDFXEditor\3.0\Settings\FileOpen\EMF]
"bEnabled"=dword:00000000

🧯 If You Can't Patch

  • Restrict user permissions to prevent execution of untrusted EMF files
  • Implement application whitelisting to block PDF-XChange Editor from running untrusted files

🔍 How to Verify

Check if Vulnerable:

Check Help > About in PDF-XChange Editor for the version number

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 9.3.361.0 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing EMF files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Downloads of EMF files from untrusted sources
  • Network traffic to known malicious domains hosting EMF files

SIEM Query:

source="*pdf-xchange*" AND (event_type="crash" OR error="*memory*" OR file_extension="emf")
