CNNVD-202512-4068 Information

CNNVD ID

CNNVD-202512-4068

Related CVE

CVE-2025-14413

• CNNVD Published: 2025-12-23

Description (Chinese)

Soda PDF Desktop是加拿大Soda公司的一个全功能PDF编辑软件。 Soda PDF Desktop存在路径遍历漏洞，该漏洞源于解析CBZ文件时缺少对用户提供路径的验证，可能导致目录遍历和远程代码执行。

Description (English)

Soda PDF Desktop is a full-purpose PDF editing software for Soda Canada. Soda PDF Desktop has a loophole in its path, which results from the lack of validation of the path provided by the user when deconstructing the CBZ file, which may lead to directory history and remote code execution.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Soda

Published

2025-12-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-25-1086/