Out-Of-Bounds Write Vulnerability in Tungsten Automation Power PDF
CVE-2024-9733

7.8HIGH

Key Information:

Vendor: Tungsten Automation
Status: Power PDF
Vendor: CVE Published:; 22 November 2024

🔔 Create Tungsten Automation Vulnerability Alert

What is CVE-2024-9733?

A remote code execution vulnerability has been identified in Tungsten Automation Power PDF, stemming from improper parsing of PDF files. This vulnerability allows attackers to manipulate user-supplied data, leading to potential execution of arbitrary code. The flaw arises from inadequate validation during the parsing process, enabling attackers to write past the boundaries of allocated memory objects. Exploitation of this vulnerability necessitates user interaction, as the victim must open a compromised PDF file or navigate to a malicious webpage. Users of Tungsten Automation Power PDF should review the provided advisory for mitigation recommendations.

Affected Version(s)

Power PDF 5.0.0.10.0.23307

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1352/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

CVE-2024-9733 Data

JSON