Fixes for Current Security Issues?

The PDF-XChange Viewer for End Users
+++ FREE +++

Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan

Post Reply
simonb
User
Posts: 1
Joined: Sat Aug 29, 2020 6:47 am

Fixes for Current Security Issues?

Post by simonb »

A talk during this year's Black Hat IT security conference from early August seems to have revealed substantial security issues in many PDF viewers. PDF-XChange Viewer seems to be one of the most vulnerable products.
Any forecasts on when the issues will be fixed?

Talk: https://www.blackhat.com/us-20/briefin ... aws--20387
Info graphic, comparing various products: https://raw.githubusercontent.com/RUB- ... r/eval.png
User avatar
Tracker Supp-Stefan
Site Admin
Posts: 17824
Joined: Mon Jan 12, 2009 8:07 am
Location: London
Contact:

Re: Fixes for Current Security Issues?

Post by Tracker Supp-Stefan »

Hello simonb,

Thanks for the post.
The version of our Editor used for those tests was too old! We received reports for some of those vulnerabilities in January, and all our versions since April have had numerous security fixes to address those.

The "Infinite Loop" and "Deflate Bomb" are not something that can reallistically be fixed, but on it's own they are not vulnerabilities that can expose your machine to an external attacker. Yes - those will hang the Editor and make it unusable, but other than that - they can not cause any real harm to your machine and software. All the other vulnerabilities from your list have been addressed well before August.

Kind regards,
Stefan
Post Reply