CVE-2024-9763

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Nov 22, 2024
Updated: Dec 5, 2024
CWE ID 125

Summary

CVE-2024-9763 is an Information Disclosure vulnerability affecting Tungsten Automation Power PDF. This issue arises due to inadequate validation of user-supplied data during PDF file parsing, resulting in an Out-of-Bounds Read. Remote attackers can exploit this vulnerability by compelling the target to visit a malicious webpage or open a malicious PDF file. Successful exploitation allows attackers to disclose sensitive information, potentially leading to more serious consequences like arbitrary code execution (as demonstrated by ZDI-CAN-24479).

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share