CVE-2022-30350
moderate-risk
Published 2023-03-30
Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a "white out" functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.
Do I need to act?
0.37% chance of exploitation
EPSS score: low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High
NETWORK / LOW complexity
Affected Products (1)
Pdfescape
Affected Vendors
References (4)
Product
https://www.pdfescape.com/open/
32 / 100 · moderate-risk
Severity
26/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal