Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2024-5511

7.8HIGH

Key Information:

Vendor: Kofax
Status: Power PDF
Vendor: CVE Published:; 22 November 2024

Summary

The vulnerability in Kofax Power PDF arises from improper validation during the parsing of JP2 files, resulting in out-of-bounds read capabilities. This flaw permits remote attackers to execute arbitrary code on affected systems after enticing a user to open a malicious JP2 file or visit a compromised webpage. The exploitation occurs when user-supplied data leads to read operations that exceed allocated memory boundaries, allowing attackers to execute code with the permissions of the user's process.

Affected Version(s)

Power PDF 5.0.0.57 (5.0.0.10.0.23307)

References

https://www.zerodayinitiative.com/advisories/ZDI-24-554/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024