CVE-2024-9754
CVSS 3.1 Score 3.3 of 10 (low)
Details
Summary
CVE-2024-9754 is a new information disclosure vulnerability affecting Tungsten Automation Power PDF. This issue allows remote attackers to disclose sensitive data by tricking users into visiting a malicious webpage or opening a maliciously crafted PDF file. The root cause of the vulnerability lies in the improper validation of user-supplied data during PDF file parsing, resulting in an out-of-bounds read. While this vulnerability does not directly enable code execution, it can be combined with other vulnerabilities to achieve that outcome. ZDI-CAN-24471 was the original identifier for this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.