CVE-2024-12550: Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2024-12550?
CVE-2024-12550 has a medium severity rating due to its ability to disclose sensitive information.
How do I fix CVE-2024-12550?
To fix CVE-2024-12550, ensure that you update to the latest version of Tungsten Automation Power PDF.
What type of attacks does CVE-2024-12550 allow?
CVE-2024-12550 allows remote attackers to disclose sensitive information through user interaction.
Is user interaction required to exploit CVE-2024-12550?
Yes, user interaction is required for exploiting CVE-2024-12550 by visiting a malicious page or opening a malicious file.
Which software is affected by CVE-2024-12550?
CVE-2024-12550 affects installations of Tungsten Automation Power PDF.