Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-42038
7.8HIGH
What is CVE-2023-42038?
The vulnerability in Kofax Power PDF is a heap-based buffer overflow that can be exploited by remote attackers to execute arbitrary code. This occurs due to inadequate validation of user-supplied data when parsing PDF files. Specifically, the flaw allows an attacker to manipulate the length of the data before it is copied to a fixed-length heap buffer. Exploitation requires user interaction, where the victim must either visit a malicious webpage or open a compromised PDF file. Once triggered, this vulnerability could lead to unauthorized code execution in the context of the affected process, posing significant security risks.
Affected Version(s)
Power PDF 5.0.0.57 (5.0.0.10)