Out-Of-Bounds Write Vulnerability in Tungsten Automation Power PDF
CVE-2024-12547

8.8 HIGH

Key Information:

Status
Vendor
CVE Published: 11 February 2025

What is CVE-2024-12547?

A vulnerability exists in how Tungsten Automation Power PDF parses JPF files, allowing remote attackers to execute arbitrary code on affected systems. The flaw arises from improper validation of user-supplied data, which can lead to a write past the end of allocated memory. An attacker can exploit it by persuading a user to visit a malicious web page or open a compromised JPF file, and can then execute code in the context of the current process. To mitigate this risk, users should ensure they are running the latest version of Power PDF and remain vigilant against files from untrusted sources.

Affected Version(s)

Power PDF 5.1.0.41

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
