Heap-based Buffer Overflow Remote Code Execution Vulnerability in Kofax Power PDF
CVE-2024-5301
Summary
A vulnerability exists in the way Kofax Power PDF parses PSD files, resulting in a heap-based buffer overflow. The flaw arises because the length of user-supplied data is not properly validated before the data is copied into a fixed-length heap-based buffer. When exploited, this vulnerability enables remote attackers to execute arbitrary code in the context of the affected process. Successful exploitation requires user interaction: the target must visit a malicious webpage or open a crafted PSD file designed to exploit this weakness. Protecting against this vulnerability involves educating users about the risks of opening untrusted files and employing security measures to detect and block potential exploits.
Affected Version(s)
Power PDF 5.0.0.57