Description
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Published: 2026-04-01
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Overwrite leading to Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability permits an attacker to overwrite arbitrary internal files during the import process of the Ora Tools PDF Reader application. By exploiting this flaw, a malicious user can replace critical configuration or executable files, potentially leading to arbitrary code execution or unauthorized disclosure of sensitive information. This weakness corresponds to the CWE-73 class of relative path traversal or file overwrite vulnerabilities.

Affected Systems

Only the Ora Tools PDF Reader ' Reader & Editor APP version 4.3.5 is identified as vulnerable. No other versions or variants of the product are currently listed as affected, and no vendor product coverage is provided by the CNA.

Risk and Exploitability

With a CVSS base score of 8.4, the flaw is considered High severity. Exploit probability is not quantified by EPSS, and the vulnerability is not yet cataloged in the CISA Known Exploited Vulnerabilities list. The likely attack path requires that an attacker can trigger the file import routine, implying local or privileged access to the victim’s machine; however, the description does not detail further conditions, so the exact exploitation vector remains inferred.

Generated by OpenCVE AI on April 2, 2026 at 03:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Ora Tools PDF Reader update that removes the file overwrite flaw (e.g., version 4.3.6 or newer).
  • If an update is not immediately available, disable or restrict the file import function for untrusted users.
  • Monitor system logs for unexpected file writes and investigate any suspicious activity.

Generated by OpenCVE AI on April 2, 2026 at 03:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Oratools
Oratools pdf Reader
Vendors & Products Oratools
Oratools pdf Reader

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Arbitrary File Overwrite in Ora Tools PDF Reader Leading to Code Execution

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
Weaknesses CWE-73
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Oratools Pdf Reader
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T19:00:35.065Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30291

cve-icon Vulnrichment

Updated: 2026-04-01T18:57:13.200Z

cve-icon NVD

Status : Deferred

Published: 2026-04-01T15:22:58.943

Modified: 2026-04-27T19:18:46.690

Link: CVE-2026-30291

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T08:59:04Z

Weaknesses