Out-Of-Bounds Read Vulnerability in Tungsten Automation Power PDF
CVE-2024-12550

7.8HIGH

Key Information:

Vendor: Tungsten Automation
Status: Power PDF
Vendor: CVE Published:; 11 February 2025

🔔 Create Tungsten Automation Vulnerability Alert

What is CVE-2024-12550?

The vulnerability in Tungsten Automation Power PDF arises from the improper validation of JP2 file data, allowing attackers to disclose sensitive information. Attackers need to trick users into visiting malicious web pages or opening compromised files for exploitation. This flaw could be exploited in conjunction with other weaknesses to execute arbitrary code within the process’s context, enhancing the severity of the attack.

Affected Version(s)

Power PDF 5.1.0.41

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1678/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Dec 11, 2024

CVE-2024-12550 Data

JSON