Overview
CVE-2025-58113 describes an out-of-bounds read vulnerability affecting PDF-XChange Editor version 10.7.3.401. This vulnerability resides in the application’s handling of Enhanced Metafile (EMF) files. A specially crafted EMF file can trigger an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Technical Details
The vulnerability exists within the EMF parsing functionality of PDF-XChange Editor. When processing a malicious EMF file, the application attempts to read data beyond the allocated memory buffer. This occurs due to insufficient bounds checking during the processing of specific EMF records. An attacker can exploit this flaw by crafting an EMF file with specific record data that triggers the out-of-bounds read.
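The class of check described above can be shown with a bounds-checked walk over EMF records; this is an added example, not PDF-XChange Editor code, and it does not identify the affected record type, which the advisory does not name. The function names `emf_check_records` and `emf_make_sample` are hypothetical, the field offsets follow the published EMF record layout, and the sample file is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EMR_HEADER = 1, EMR_EOF = 14, EMF_HDR_MIN = 88 };
#define EMF_SIGNATURE 0x464D4520u /* " EMF", at offset 40 of the header record */
static uint32_t rd32(const uint8_t *p) { /* little-endian, alignment-safe */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* 0 = every record lies inside buf; negative = first structural violation. */
int emf_check_records(const uint8_t *buf, size_t len) {
    size_t off = 0;
    uint32_t count = 0, type, size;
    if (len < EMF_HDR_MIN || rd32(buf) != EMR_HEADER ||
        rd32(buf + 4) < EMF_HDR_MIN || rd32(buf + 40) != EMF_SIGNATURE)
        return -1;                              /* not a plausible EMF header */
    do {
        if (len - off < 8) return -2;           /* no room for Type + Size */
        type = rd32(buf + off); size = rd32(buf + off + 4);
        if (size < 8 || (size & 3)) return -3;  /* too small or not 4-byte aligned */
        if (size > len - off) return -4;        /* record claims bytes past the buffer */
        off += size;
        count++;
    } while (type != EMR_EOF);
    if (rd32(buf + 48) != off || rd32(buf + 52) != count) return -5; /* header totals off */
    return 0;
}

/* Constructed sample: 88-byte header + 20-byte EMR_EOF; returns its length. */
size_t emf_make_sample(uint8_t *out) {
    memset(out, 0, 108);
    wr32(out, EMR_HEADER); wr32(out + 4, 88); wr32(out + 40, EMF_SIGNATURE);
    wr32(out + 48, 108); wr32(out + 52, 2);     /* header Bytes and Records fields */
    wr32(out + 88, EMR_EOF); wr32(out + 92, 20); wr32(out + 104, 20);
    return 108;
}

int main(void) {
    uint8_t emf[108];
    size_t n = emf_make_sample(emf);
    printf("intact sample:    %d\n", emf_check_records(emf, n));
    wr32(emf + 92, 0x1000);                     /* length field larger than the file */
    printf("oversized record: %d\n", emf_check_records(emf, n));
}
```

A parser that trusts the per-record size field without the `size > len - off` comparison is the pattern that produces reads past the end of the buffer.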
CVSS Analysis
CVE-2025-58113 has a Common Vulnerability Scoring System (CVSS) score of 6.5 (Medium), with the following metrics:
- Attack Vector: Local
- Attack Complexity: Medium
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
While the attack vector is local and requires user interaction (opening the malicious EMF file), the potential for information disclosure elevates the severity to Medium.
Possible Impact
Successful exploitation of CVE-2025-58113 could allow an attacker to:
- Leak sensitive information residing in the memory space of the PDF-XChange Editor.
- Potentially bypass security measures due to the unexpected read.
The information leaked may include document content, metadata, or other sensitive data processed by the application.
Mitigation or Patch Steps
The recommended mitigation is to update PDF-XChange Editor to a version that addresses this vulnerability. Contact PDF-XChange Co. Ltd for the latest updates and patches. Until an official patch is available, exercise caution when opening EMF files from untrusted sources.
Specifically, check the vendor’s website for updates newer than version 10.7.3.401.
