CVE-2025-6660

Published Jun 25, 2025

Last updated 11 days ago

CVSS high 7.8

Overview

Description
PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763.
Source
zdi-disclosures@trendmicro.com
NVD status
Analyzed

Risk scores

CVSS 3.0

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-122

Social media

Hype score
Not currently trending

  1. CVE-2025-6660 PDF-XChange Editor Remote Code Execution via Heap-based Buffer Overflow in GIF Parsing https://t.co/WmUDwGudQT

    @VulmonFeeds

    26 Jun 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-6660 PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code… https://t.co/0tRLZfcjnX

    @CVEnew

    25 Jun 2025

    466 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.