CVE-2024-9760

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Nov 22, 2024
Updated: Dec 5, 2024
CWE ID 125

Summary

CVE-2024-9760 is an Information Disclosure vulnerability in Tungsten Automation Power PDF. This issue arises due to improper validation of user-supplied data during the parsing of PNG files, leading to an Out-of-Bounds Read. An attacker can exploit this vulnerability by crafting a malicious page or file that triggers the flaw, allowing them to disclose sensitive information from affected installations. While this vulnerability does not directly enable code execution, it can be used in combination with other vulnerabilities to achieve that goal. This vulnerability, originally identified as ZDI-CAN-24476, was reported to the Zero Day Initiative.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share