CVE-2024-9749
CVSS 3.1 Score 3.3 of 10 (low)
Details
Summary
CVE-2024-9749 is an out-of-bounds read information disclosure vulnerability affecting Tungsten Automation Power PDF. It allows remote attackers to disclose sensitive information by manipulating PDF files in a way that causes the software to read past the end of an allocated object. User interaction is required for an attack to succeed: the target must visit a malicious webpage or open a malicious file. The root cause is a lack of proper validation of user-supplied data. Attackers can use this vulnerability in conjunction with other vulnerabilities to gain arbitrary code execution. The vulnerability, originally identified as ZDI-CAN-24465, poses a significant risk to installations using Tungsten Automation Power PDF.