Information Disclosure Vulnerability in Kofax Power PDF JP2 File Parsing

CVE-2024-5512

Summary

An information disclosure vulnerability exists in the JP2 file parsing component of Kofax Power PDF. This flaw allows remote attackers to disclose sensitive information by enticing users to open a specially crafted JP2 file or visit a malicious web page. The vulnerability arises from improper validation of user-supplied data, leading to potential out-of-bounds read conditions. Attackers can exploit this weakness to access information beyond the intended memory allocation, which may be used in conjunction with other vulnerabilities to execute arbitrary code within the context of the affected application.

References