CVE-2023-42049

5.5 MEDIUM

📋 TL;DR

PDF-XChange Editor contains an out-of-bounds read vulnerability when parsing EMF files, allowing attackers to disclose sensitive information from memory. Users who open malicious PDF files or visit malicious web pages are affected. This vulnerability can be combined with other exploits to potentially execute arbitrary code.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 10.1.1.380
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All Windows installations with vulnerable versions are affected. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the context of the current user process.

🟠 Likely Case

Information disclosure from memory, potentially exposing sensitive data or system information.

🟢 If Mitigated

Limited information disclosure with no code execution if proper memory protections are in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web pages or email attachments.
🏢 Internal Only: MEDIUM - Similar risk internally if users open malicious files from internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability alone provides information disclosure; code execution requires chaining with other vulnerabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.1.380 and later

Vendor Advisory: https://www.tracker-software.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download latest version from tracker-software.com
2. Run installer
3. Restart system
4. Verify version is 10.1.1.380 or higher

🔧 Temporary Workarounds

Disable EMF file processing (Windows)

Configure PDF-XChange Editor to not process EMF files

Registry modification required - consult vendor documentation

Use application control (Windows)

Block execution of vulnerable PDF-XChange Editor versions

Configure AppLocker or Windows Defender Application Control policies

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of information disclosure
  • Implement network segmentation to contain potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check Help > About in PDF-XChange Editor for version number

Check Version:

Not applicable - check via GUI in Help > About menu

Verify Fix Applied:

Verify version is 10.1.1.380 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing EMF files
  • Unusual memory access patterns

Network Indicators:

  • Downloads of EMF files from untrusted sources
  • Network traffic to known malicious domains after file opening

SIEM Query:

EventID=1000 OR EventID=1001 with PDF-XChange Editor in process name
