CVE-2024-9764

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 22, 2024
Updated: Nov 26, 2024
CWE ID 416

Summary

CVE-2024-9764 is a Remote Code Execution vulnerability affecting Tungsten Automation Power PDF. This issue arises due to the software's failure to validate the existence of an object before performing operations on it during PDF file parsing. An attacker can exploit this Use-After-Free vulnerability by crafting a malicious PDF file or directing a user to a malicious webpage. Successful exploitation allows the attacker to execute arbitrary code in the context of the affected installation. This vulnerability, originally identified as ZDI-CAN-24480, poses a significant risk to systems using Tungsten Automation Power PDF and requires immediate attention for patching or mitigation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share