Multiple memory vulnerabilities due to insufficient input validation in FlexiPDF.exe in SoftMaker FlexiPDF 3.0.3 allow attackers to execute code when a user opens a crafted PDF file with FlexiPDF.

Philip Kolvenbach of Fraunhofer SIT

The research that has led to the discovery of CVE-2023-24295 has been funded in part by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts within their joint support of the National Research Center for Applied Cybersecurity ATHENE.