Out-Of-Bounds Read Vulnerability in Tungsten Automation Power PDF
CVE-2024-12549

7.8HIGH

Key Information:

Vendor: Tungsten Automation
Status: Power PDF
Vendor: CVE Published:; 11 February 2025

🔔 Create Tungsten Automation Vulnerability Alert

What is CVE-2024-12549?

A security flaw in Tungsten Automation Power PDF allows for an Out-Of-Bounds Read condition via improper validation of user-provided JP2 files. This vulnerability can be exploited by remote attackers who lure victims into opening malicious JP2 files or visiting compromised web pages. Exploiting this issue can lead to arbitrary code execution in the context of the affected process. It underscores the importance of robust file parsing and validation mechanisms.

Affected Version(s)

Power PDF 5.1.0.41

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1679/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 11, 2024

CVE-2024-12549 Data

JSON