CVE-2024-9746
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9746 is a newly disclosed vulnerability affecting Tungsten Automation Power PDF. This out-of-bounds write remote code execution issue allows attackers to execute arbitrary code on affected installations by manipulating TGA files. The vulnerability arises due to insufficient validation of user-supplied data during file parsing. Exploitation requires user interaction, such as visiting a malicious webpage or opening a maliciously crafted file. The flaw, also known as ZDI-CAN-24462, can give an attacker code execution privileges in the context of the current process.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.