CVE-2024-9757

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 125

Summary

CVE-2024-9757 is a new Information Disclosure vulnerability affecting Tungsten Automation Power PDF. Attackers can exploit this issue by parsing malicious JP2 files, which results in an Out-Of-Bounds Read. This vulnerability allows sensitive information disclosure and could potentially be used in conjunction with other vulnerabilities for code execution. The root cause is a lack of proper validation of user-supplied data during JP2 file parsing. The ZDI research team discovered and reported this issue as ZDI-CAN-24473. To exploit the vulnerability, user interaction is required, such as visiting a malicious webpage or opening a malicious file.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share