CVE-2024-9747
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9747 is a remote code execution vulnerability affecting Tungsten Automation Power PDF. This issue arises from insufficient validation of user-supplied data during PSD file parsing, enabling attackers to write data beyond the allocated buffer. Exploitation requires user interaction, typically through visiting a malicious webpage or opening a specially crafted file. Successful exploitation grants the attacker the ability to execute arbitrary code in the context of the affected installation. This vulnerability, identified as ZDI-CAN-24463, poses a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.