CVE-2022-24960 - Use After Free vulnerability in Pdftron 9.2.0

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, pdftron, CWE-416

Summary

A use-after-free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite the instruction pointer (RIP) with data previously allocated on the heap. This issue affects PDFTron SDK 9.2.0 on OSX, Linux, and Windows.

Vulnerable Configurations

Part          Description   Count
Application   Pdftron       1
Application   Linux         1
OS            Apple         1
OS            Microsoft     1

Common Weakness Enumeration (CWE)