CVE-2024-9757
CVSS 3.1 Score 3.3 of 10 (low)
Details
Summary
CVE-2024-9757 is a new Information Disclosure vulnerability affecting Tungsten Automation Power PDF. Attackers can exploit this issue by parsing malicious JP2 files, which results in an Out-Of-Bounds Read. This vulnerability allows sensitive information disclosure and could potentially be used in conjunction with other vulnerabilities for code execution. The root cause is a lack of proper validation of user-supplied data during JP2 file parsing. The ZDI research team discovered and reported this issue as ZDI-CAN-24473. To exploit the vulnerability, user interaction is required, such as visiting a malicious webpage or opening a malicious file.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.