Information Disclosure Vulnerability in Tungsten Automation Power PDF
CVE-2024-9749

3.3LOW

Key Information:

Vendor: Tungsten Automation
Status: Power PDF
Vendor: CVE Published:; 22 November 2024

🔔 Create Tungsten Automation Vulnerability Alert

What is CVE-2024-9749?

An information disclosure vulnerability exists in Tungsten Automation Power PDF due to improper validation of user-supplied data during PDF file parsing. This flaw allows remote attackers to exploit the issue by tricking users into visiting a malicious web page or opening a specially crafted PDF file. Successful exploitation may allow attackers to disclose sensitive information from affected installations. The flaw can potentially be combined with other vulnerabilities to facilitate further attacks, including the execution of arbitrary code within the context of the vulnerable process.

Affected Version(s)

Power PDF 5.0.0.10.0.23307

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1340/

x_research-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024

CVE-2024-9749 Data

JSON