CVE-2024-9741

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 122
CWE ID 787

Summary

CVE-2024-9741 is a heap-based buffer overflow vulnerability in Tungsten Automation Power PDF's PDF file parsing process. This issue allows remote attackers to execute arbitrary code on affected installations by providing maliciously crafted PDF files or web pages. The flaw stems from insufficient validation of user-supplied data before copying it to a fixed-length buffer. Attackers can exploit this vulnerability, identified as ZDI-CAN-24457, to gain control over the affected system. User interaction is necessary for exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share