CVE-2024-9746

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 787

Summary

CVE-2024-9746 is a newly disclosed vulnerability affecting Tungsten Automation Power PDF. It is an out-of-bounds write remote code execution issue that allows attackers to execute arbitrary code on affected installations by supplying manipulated TGA files. The vulnerability arises from insufficient validation of user-supplied data during file parsing. Exploitation requires user interaction, such as visiting a malicious webpage or opening a maliciously crafted file. The flaw, also tracked as ZDI-CAN-24462, lets an attacker execute code in the context of the current process.
