Kofax Power PDF replacePages Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-38094

7.8HIGH

Key Information:

Vendor: Kofax
Status: Power PDF
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-38094?

A vulnerability exists within the implementation of the replacePages method in Kofax Power PDF, which may allow remote attackers to execute arbitrary code on affected installations. The vulnerability arises from the deficient validation of the length of user-supplied data being copied to a stack-based buffer. To exploit this flaw, an attacker must trick the user into interacting with malicious content, such as visiting a harmful website or opening a compromised file. This exploitation can facilitate the execution of code in the context of the current user process, posing risks to data integrity and system security.

Affected Version(s)

Power PDF 5.0.0.19

References

https://www.zerodayinitiative.com/advisories/ZDI-23-968/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Jul 12, 2023