CVE-2024-9764
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-9764 is a Remote Code Execution vulnerability affecting Tungsten Automation Power PDF. This issue arises due to the software's failure to validate the existence of an object before performing operations on it during PDF file parsing. An attacker can exploit this Use-After-Free vulnerability by crafting a malicious PDF file or directing a user to a malicious webpage. Successful exploitation allows the attacker to execute arbitrary code in the context of the affected installation. This vulnerability, originally identified as ZDI-CAN-24480, poses a significant risk to systems using Tungsten Automation Power PDF and requires immediate attention for patching or mitigation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.