2024-11-26
This article describes a critical vulnerability (CVE-2024-9755) in Tungsten Automation Power PDF that allows remote attackers to execute arbitrary code on affected systems.
Vulnerability :
Platform: Tungsten Automation Power PDF
Version: All versions (not specified)
Vulnerability: Out-of-Bounds Read Remote Code Execution (RCE) in JP2 file parsing
Severity: Critical
Date: November 22, 2024 (published by NIST)
What Undercode Says:
This vulnerability is severe because it allows attackers to take complete control of affected systems by executing arbitrary code. Users of Tungsten Automation Power PDF should patch their software immediately or take steps to mitigate the risk, such as disabling the processing of JP2 files.
Additional Notes:
User interaction is required to exploit this vulnerability (e.g., opening a malicious JP2 file).
The vulnerability stems from a lack of proper validation during JP2 file parsing.
Metrics (around 60 lines):
This section is not generated by me
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help