Out-Of-Bounds Read Vulnerability in Tungsten Automation Power PDF
CVE-2024-9755
7.8 HIGH
What is CVE-2024-9755?
Tungsten Automation's Power PDF contains an out-of-bounds read vulnerability in its parsing of JP2 files. The flaw stems from inadequate validation of user-supplied data, which can allow an attacker to read beyond the allocated memory and execute arbitrary code in the context of the affected application. Exploitation requires user interaction: the target must interact with a specially crafted malicious file or visit a compromised website. Addressing this vulnerability is critical for ensuring the integrity and security of documents processed by Power PDF.
Affected Version(s)
Power PDF 5.0.0.10.0.23307
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
CVSS V3.0
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
