CVE-2024-9737

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 787

Summary

CVE-2024-9737 is a remote code execution vulnerability affecting Tungsten Automation Power PDF. Attackers can exploit this issue by parsing malicious PDF files, leading to an out-of-bounds write. This flaw is due to insufficient validation of user-supplied data, enabling write access beyond the bounds of an allocated object. Successful exploitation requires user interaction and allows attackers to execute arbitrary code within the affected system. (ZDI-CAN-24453)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Tungsten Automation Power PDF

Affected Vendors

  • Kofax Inc