CVE-2024-9749

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Nov 22, 2024
Updated: Nov 25, 2024
CWE ID 125

Summary

CVE-2024-9749 is an out-of-bounds read information disclosure vulnerability affecting Tungsten Automation Power PDF. A remote attacker can disclose sensitive information by supplying a manipulated PDF file that causes the software to read past the end of an allocated object. Exploitation requires user interaction: the target must visit a malicious webpage or open a malicious file. The root cause is a lack of proper validation of user-supplied data. An attacker can exploit this issue in conjunction with other vulnerabilities to gain arbitrary code execution. The vulnerability was originally identified as ZDI-CAN-24465 and poses a significant risk to installations using Tungsten Automation Power PDF.
