CVE-2024-12548

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Feb 11, 2025

Updated: Feb 19, 2025

CWE ID 416

Summary

CVE-2024-12548 is a newly disclosed vulnerability in Tungsten Automation Power PDF that allows remote information disclosure. This vulnerability arises from the inadequate validation of objects during JP2 file parsing. User interaction, such as visiting a malicious webpage or opening a malicious file, is required for exploitation. While no arbitrary code execution is directly mentioned in this issue, an attacker could potentially combine it with other vulnerabilities to achieve that goal. ZDI-CAN-25564 first reported this weakness.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1fwddz
https://www.cve.org/CVERecord?id=CVE-2024-12548
https://nvd.nist.gov/vuln/detail/CVE-2024-12548

Back to Vulnerability Database

CVE-2024-12548

CVSS 3.1 Score 3.3 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations