Heap-Based Buffer Overflow in Tungsten Automation Power PDF
CVE-2024-9742

7.8HIGH

Key Information:

Vendor: Tungsten Automation
Status: Power PDF
Vendor: CVE Published:; 22 November 2024

🔔 Create Tungsten Automation Vulnerability Alert

What is CVE-2024-9742?

A vulnerability exists in Tungsten Automation Power PDF related to a heap-based buffer overflow caused by inadequate validation during the parsing of PSD files. This oversight allows malicious actors to exploit the vulnerability by enticing users to interact with specially crafted files or web pages. When the user engages with the malicious content, the attacker can execute arbitrary code in the context of the currently running process, potentially leading to unauthorized access and control over the affected system. Security measures and patches are highly recommended to mitigate this risk.

Affected Version(s)

Power PDF 5.0.0.10.0.23307

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1342/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

CVE-2024-9742 Data

JSON