Kofax Power PDF replacePages Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-38094
7.8 HIGH
What is CVE-2023-38094?
A vulnerability exists in the implementation of the replacePages method in Kofax Power PDF, which may allow remote attackers to execute arbitrary code on affected installations. The flaw results from insufficient validation of the length of user-supplied data before it is copied to a stack-based buffer. Exploitation requires user interaction: the attacker must trick the user into interacting with malicious content, such as visiting a harmful website or opening a compromised file. Successful exploitation can lead to code execution in the context of the current user process, posing risks to data integrity and system security.
Affected Version(s)
Power PDF 5.0.0.19