CVE-2024-9757: Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2024-9757?
CVE-2024-9757 has been classified as a medium severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2024-9757?
To mitigate CVE-2024-9757, ensure that all installations of Tungsten Automation Power PDF are updated to the latest version beyond 5.1.0.1.
What type of information can be disclosed by exploiting CVE-2024-9757?
Exploitation of CVE-2024-9757 may lead to the disclosure of sensitive information from affected installations of Tungsten Automation Power PDF.
Is user interaction required to exploit CVE-2024-9757?
Yes, exploitation of CVE-2024-9757 requires user interaction, such as visiting a malicious webpage or opening a harmful file.
Which versions of Tungsten Automation Power PDF are affected by CVE-2024-9757?
CVE-2024-9757 affects versions of Tungsten Automation Power PDF up to and including 5.1.0.1.