File Write Flaws in Docudepot PDF Reader and Stackfield Desktop App
Two newly disclosed vulnerabilities expose users of Docudepot PDF Reader and the Stackfield Desktop App to arbitrary file write attacks that could lead to severe system compromise. CVE-2026-30292 affects Docudepot PDF Reader: PDF Viewer APP version 1.0.34, where a weakness in the file import process allows arbitrary file overwrite of critical internal files. The issue is classified as CWE-73 and carries a CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H score, with reported impact including possible arbitrary code execution and information exposure.
CVE-2026-28373 affects the Stackfield Desktop App before version 1.10.2 on macOS and Windows. The flaw stems from path traversal in decryption functionality that mishandles the filePath property, allowing a malicious export to write arbitrary content to any location on a victim’s filesystem. The vulnerability is tracked as CWE-22 and was assigned CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, reflecting high risk to confidentiality, integrity, and availability when a crafted file is opened.
Timeline
Apr 3, 2026
MITRE receives CVE-2026-28373 for Stackfield Desktop App path traversal flaw
MITRE received CVE-2026-28373 for a path traversal vulnerability in Stackfield Desktop App before version 1.10.2 on macOS and Windows. The flaw in decryption-related handling of the filePath property could let a malicious export write arbitrary content anywhere on a victim's filesystem.
Apr 1, 2026
Docudepot PDF Reader file overwrite vulnerability disclosed as CVE-2026-30292
A vulnerability affecting Docudepot PDF Reader: PDF Viewer APP version 1.0.34 was disclosed, describing an arbitrary file overwrite flaw in the app's file import process that could lead to code execution or information exposure. The CVE record was updated with a CVSS v3.1 vector, CWE-73 classification, and references to vendor and research sources.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Adobe Acrobat Reader Prototype Pollution Flaws Enable Code Execution
Adobe disclosed two high-severity prototype pollution vulnerabilities in **Acrobat Reader** tracked as `CVE-2026-34621` and `CVE-2026-34622`. Both flaws can lead to arbitrary code execution in the context of the current user if a victim opens a malicious file, making user interaction a required condition for exploitation. Adobe classified both issues under `CWE-1321` and assigned CVSS v3.1 vectors indicating high impact to confidentiality, integrity, and availability. `CVE-2026-34621` affects Acrobat Reader versions `24.001.30356`, `26.001.21367`, and earlier, while `CVE-2026-34622` affects versions `26.001.21411`, `24.001.30360`, `24.001.30362`, and earlier. The disclosures indicate the vulnerabilities were reported to Adobe's PSIRT and published with advisory references, signaling that organizations using Acrobat Reader should identify exposed versions and prioritize updates to reduce the risk of malicious document-based compromise.
1 weeks ago
Local Code Execution Flaws Disclosed in PDF Explorer and RGui
Two newly cataloged CVEs detail local code execution vulnerabilities in Windows desktop applications **PDF Explorer 1.5.66.2** and **RGui 3.5.0**. **CVE-2018-25217** affects PDF Explorer through a structured exception handler (SEH) overflow in the application's **Custom fields settings** dialog, where malicious data placed in the **Label** field can overwrite SEH records and enable arbitrary code execution. The issue is mapped to `CWE-787` and was published with CVSS v4.0 and v3.1 scoring, alongside references to Exploit-DB, RTT Software, a trial installer, and a VulnCheck advisory. **CVE-2018-25258** affects RGui 3.5.0 through a stack-based buffer overflow in the **GUI preferences** dialog, specifically the **Language for menus and messages** field. The disclosure says an attacker can use SEH-based exploitation to bypass DEP, run a ROP chain that calls `VirtualAlloc`, and achieve arbitrary code execution on the local system. The entry was published with CVSS v4.0 and v3.1 vectors and references to the affected R 3.5.0 Windows binary, Exploit-DB, the R Project website, and a VulnCheck advisory.
3 weeks ago
Multiple Adobe Acrobat and Reader Flaws Enable Code Execution and Information Disclosure
German authorities issued security advisories for **Adobe Acrobat DC**, **Acrobat Reader DC**, and **Adobe Acrobat Reader** covering multiple vulnerabilities that could allow **information disclosure** and **arbitrary code execution**. One advisory specifically warned that a flaw in Adobe Acrobat Reader could expose sensitive information and be leveraged for code execution, raising the risk of compromise when users open maliciously crafted PDF files. A follow-up advisory expanded the scope to **multiple vulnerabilities** across Adobe’s Acrobat product line, indicating broader exposure for enterprise and end-user systems that rely on Adobe PDF software. Organizations using affected Adobe applications should prioritize vendor patches and review endpoint protections, as successful exploitation could give attackers access to data or the ability to run code on targeted systems.
2 weeks ago