CVE-2024-9755
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125
Summary
CVE-2024-9755 is a remote code execution vulnerability affecting Tungsten Automation Power PDF. Malicious JP2 files can exploit this issue by causing an out-of-bounds read in the Power PDF software. The flaw arises from insufficient validation of user-supplied data during file parsing. Successful exploitation requires user interaction, such as visiting a malicious webpage or opening a malicious file. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. (ZDI-CAN-24472)
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share