PDFex Vulnerability

The PDF-XChange Viewer for End Users
+++ FREE +++

Moderators: TrackerSupp-Daniel, Tracker Support, Vasyl-Tracker Dev Team, Sean - Tracker, Paul - Tracker Supp, Chris - Tracker Supp, Tracker Supp-Stefan, Ivan - Tracker Software

Post Reply
Unregistered
User
Posts: 9
Joined: Wed Jan 12, 2011 6:39 pm

PDFex Vulnerability

Post by Unregistered » Sun Oct 06, 2019 5:12 am

Are any Tracker Software products susceptible to the PDFex vulnerabilities?

https://pdf-insecurity.org/encryption/encryption.html

https://www.forbes.com/sites/zakdoffman ... -apps-now/

User avatar
Will - Tracker Supp
Site Admin
Posts: 6905
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: PDFex Vulnerability

Post by Will - Tracker Supp » Sun Oct 06, 2019 9:06 pm

Hi Unregistered,

Thanks for the post - This was a vulnerability but was fixed as of build 332. The latest release is build 333:
http://www.tracker-software.com/downloads

Cheers,
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com

Unregistered
User
Posts: 9
Joined: Wed Jan 12, 2011 6:39 pm

Re: PDFex Vulnerability

Post by Unregistered » Sun Oct 06, 2019 10:39 pm

I'd appreciate if this sort of thing would be mentioned in the release notes in the future. I've been using PDF Tools build 330 and skipped later updates because none of them seemed applicable or important to me. This important security fix is not mentioned.

https://www.tracker-software.com/produc ... #8.0.333.0

Thanks.

Ivan - Tracker Software
Site Admin
Posts: 3620
Joined: Thu Jul 08, 2004 10:36 pm
Location: Vancouver Island - Canada
Contact:

Re: PDFex Vulnerability

Post by Ivan - Tracker Software » Mon Oct 07, 2019 7:06 am

PDF Tools were not affected. In build history for the Editor, we mentioned this fix, but we were not allowed to provide more details about the vulnerability at that moment.
Tracker Software (Project Director)

When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.

Unregistered
User
Posts: 9
Joined: Wed Jan 12, 2011 6:39 pm

Re: PDFex Vulnerability

Post by Unregistered » Mon Oct 07, 2019 11:57 am

But PDF Tools installs the viewer/editor by default, doesn't it? So a user would have to go out of his or her way to look at release notes for products they're not directly installing to know about this.

No details were necessary, just mention of a fix for a security vulnerability would suffice.

User avatar
Tracker Supp-Stefan
Site Admin
Posts: 14035
Joined: Mon Jan 12, 2009 8:07 am
Location: London
Contact:

Re: PDFex Vulnerability

Post by Tracker Supp-Stefan » Mon Oct 07, 2019 12:11 pm

Hello Unregistered,

The fix was effectively in the Editor, and did apply to the version of the Editor that comes with Tools, so yes the fix was included in Tools as well, but as it was not explicitly applied to Tools - we missed adding it in the version history.
I will see if we can make sure that in future similar cases we mention security related fixes in the version history pages of all our products!

Regards,
Stefan

Post Reply