Remote Code Execution Risk in veraPDF Library
CVE-2024-52800
Key Information:
- Vendor: VeraPDF
- CVE Published: 29 November 2024
What is CVE-2024-52800?
CVE-2024-52800 refers to a high-risk vulnerability in the veraPDF library, an open-source PDF/A validation tool. The vulnerability arises when policy checks are run with custom Schematron files through the command-line interface (CLI): the check triggers an XSL transformation that could allow remote code execution (RCE). Standard validation functionality is not affected, since most users do not incorporate custom XSLT code into their policy profiles, but the risk remains for those who use external scripts. Users are strongly advised to load custom policy files only from reputable sources until an official patch is released. Awareness and cautious handling of XSLT code are vital in mitigating this vulnerability.
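As an added defensive illustration (not veraPDF's own code and not the project's fix), the following assumes the policy check compiles a Schematron file into XSLT and runs it through the standard JAXP API. It shows how a transformer that will process untrusted stylesheets can be hardened: JAXP secure processing asks the engine to disable extension functions, and the access-control attributes stop the stylesheet from pulling in external resources. The sample stylesheet and report are constructed for the demonstration.

```java
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import java.io.StringReader;
import java.io.StringWriter;

public class HardenedPolicyTransform {

    /** Build a JAXP TransformerFactory that refuses the capabilities an
     *  untrusted (policy-derived) stylesheet could lean on. */
    static TransformerFactory hardenedFactory() {
        TransformerFactory tf = TransformerFactory.newInstance();
        try {
            // Secure processing: the JAXP switch that tells the XSLT engine to
            // disable extension functions and other privileged behaviour.
            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            // Block external DTDs and external stylesheets (xsl:import /
            // xsl:include / document() over http:, file:, etc.).
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (Exception e) {
            // A factory that cannot be hardened must not be used on untrusted input.
            throw new IllegalStateException("XSLT engine cannot be hardened: " + e.getMessage(), e);
        }
        return tf;
    }

    /** Apply an untrusted stylesheet to a validation report using the hardened factory. */
    static String transform(String untrustedXslt, String reportXml) throws Exception {
        Transformer t = hardenedFactory()
            .newTransformer(new StreamSource(new StringReader(untrustedXslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(reportXml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a harmless stylesheet and a tiny report with two checks.
        String xslt = "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
            + "<xsl:output method=\"text\"/>"
            + "<xsl:template match=\"/\"><xsl:value-of select=\"count(//check)\"/></xsl:template>"
            + "</xsl:stylesheet>";
        String report = "<report><check/><check/></report>";
        System.out.println("checks: " + transform(xslt, report));
    }
}
```

How completely secure processing disables extension functions depends on the XSLT implementation actually on the classpath, so verify the behaviour against that engine rather than assuming it from the JAXP flag alone.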

Affected Version(s)
veraPDF-library <= 1.26.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
EPSS Score
11% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
