Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2024-5305

7.8HIGH

Key Information:

Vendor: Kofax
Status: Power PDF
Vendor: CVE Published:; 6 June 2024

Summary

A vulnerability in Kofax Power PDF relates to the improper processing of PDF file content, leading to a stack-based buffer overflow. This flaw allows remote attackers to execute arbitrary code within the context of the affected application. The attack vector requires user interaction, as the recipient must either open a malicious PDF file or visit a harmful webpage containing the exploit. It is imperative for users and administrators to apply necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Power PDF 5.0.0.57

References

https://www.zerodayinitiative.com/advisories/ZDI-24-550/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
May 23, 2024