Use-After-Free Vulnerability in Tungsten Automation Power PDF for JP2 File Parsing
CVE-2024-12548

3.3 LOW

Key Information:

CVE Published: 11 February 2025

What is CVE-2024-12548?

A use-after-free vulnerability has been identified in the parsing of JP2 files in Tungsten Automation Power PDF, exposing affected installations to information disclosure. The flaw arises because the parser does not validate that an object exists before performing operations on it, which a remote attacker can exploit. Successful exploitation requires user interaction, such as opening a malicious file or visiting a compromised webpage. The vulnerability can be combined with other flaws to execute arbitrary code in the context of the current process, potentially leading to data breaches.

Affected Version(s)

Power PDF 5.1.0.41

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
