Remote Code Execution Vulnerability in Kofax Power PDF Due to PDF File Parsing
CVE-2023-44432

7.8HIGH

Key Information:

Vendor: Kofax
Status: Power PDF
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-44432?

The vulnerability involves a remote code execution flaw in Kofax Power PDF stemming from improper validation when parsing PDF files. Attackers can exploit this vulnerability by convincing users to open a specially crafted PDF document or visit a malicious website. The lack of adequate controls on user-supplied data can lead to an out-of-bounds write, potentially allowing unauthorized code execution within the context of the affected program. This poses significant security risks for organizations relying on Kofax Power PDF for handling documents, emphasizing the need for immediate patching and preventive measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Power PDF 5.0.0.57 (5.0.0.10)

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1606/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023

JSON

Kofax

What is CVE-2023-44432?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.