CVE-2024-27337 is a stack-based buffer overflow vulnerability identified in Kofax Power PDF version 5.0.0.57, specifically within the TIF file parsing component. The vulnerability stems from insufficient validation of the length of user-supplied data before it is copied into a fixed-length buffer allocated on the stack. This lack of proper bounds checking can lead to a buffer overflow condition, which attackers can exploit by crafting malicious TIF files. When a user opens such a file or visits a malicious page that triggers the parsing of the crafted TIF, the overflow can overwrite the stack, enabling arbitrary code execution within the context of the running application. The vulnerability requires user interaction (opening a file or visiting a page) but does not require any privileges or authentication, making it a significant risk for end users. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) and was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22033. The CVSS v3.0 base score is 7.8, reflecting high severity due to the potential for remote code execution with high impact on confidentiality, integrity, and availability. No patches or exploits are publicly available at the time of disclosure, but the risk remains substantial given the nature of the flaw and the widespread use of Kofax Power PDF in document management environments.

The impact of CVE-2024-27337 is significant for organizations using Kofax Power PDF, especially in environments where TIF files are commonly handled or received from external sources. Successful exploitation allows attackers to execute arbitrary code remotely, potentially leading to full system compromise under the context of the user running the application. This can result in data theft, unauthorized system control, installation of malware, ransomware deployment, or disruption of business operations. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be leveraged to deliver malicious TIF files. The compromise of document processing workstations or servers could facilitate lateral movement within networks, especially in organizations relying heavily on PDF workflows. The confidentiality, integrity, and availability of sensitive documents and systems are at risk, making this a critical concern for sectors such as finance, legal, government, and healthcare where document security is paramount.

Organizations should immediately verify if they are running the affected version (5.0.0.57) of Kofax Power PDF and prioritize upgrading to a patched version once available. In the absence of an official patch, implement strict controls on the handling of TIF files, including disabling automatic preview or opening of TIF files within the application. Employ email and web gateway filters to block or quarantine suspicious TIF files and educate users about the risks of opening files from untrusted sources. Use endpoint protection solutions capable of detecting exploit attempts targeting buffer overflows. Network segmentation and application whitelisting can limit the impact of a successful exploit. Monitoring for anomalous process behavior related to Kofax Power PDF can aid in early detection of exploitation attempts. Finally, coordinate with Kofax support for any interim mitigations or updates and maintain regular backups to mitigate potential ransomware or data loss scenarios.