CVE-2024-27346: CWE-125: Out-of-bounds Read in Kofax Power PDF
Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22934.
AI Analysis
Technical Summary
CVE-2024-27346 is a security vulnerability identified in Kofax Power PDF version 5.0.0.57, classified under CWE-125 (Out-of-bounds Read). The vulnerability occurs during the parsing of PDF files, where the software fails to properly validate user-supplied data, resulting in reading beyond the bounds of an allocated buffer. This out-of-bounds read can lead to the disclosure of sensitive information from the application's memory space. Although the immediate impact is information disclosure, the vulnerability can be exploited in combination with other flaws to execute arbitrary code within the context of the current process. Exploitation requires user interaction, such as opening a crafted malicious PDF file or visiting a malicious webpage that triggers the vulnerability. The CVSS 3.0 base score is 3.3, indicating a low severity primarily due to the requirement for user interaction and limited impact scope (confidentiality only). No public exploits or active exploitation in the wild have been reported to date. The vulnerability was reserved on February 23, 2024, and published on April 3, 2024, by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-22934. No official patches are currently linked, suggesting users should monitor vendor advisories closely for updates.
Potential Impact
The primary impact of CVE-2024-27346 is the potential disclosure of sensitive information from the memory of affected Kofax Power PDF installations. This can lead to leakage of confidential data such as document contents, user credentials, or cryptographic material residing in memory. While the vulnerability itself does not directly compromise system integrity or availability, it can serve as a stepping stone for attackers to chain with other vulnerabilities to achieve arbitrary code execution, thereby escalating the threat significantly. Organizations relying on Kofax Power PDF for document handling may face risks of data leakage, especially if users are tricked into opening malicious PDFs. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a concern. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.
Mitigation Recommendations
1. Monitor Kofax vendor advisories and apply security patches promptly once released for Power PDF 5.0.0.57 or affected versions. 2. Implement strict email and web filtering to block or quarantine suspicious PDF files from untrusted sources to reduce the risk of users opening malicious documents. 3. Educate users about the risks of opening unsolicited or unexpected PDF attachments and visiting untrusted websites. 4. Employ application whitelisting and sandboxing techniques to limit the execution context of Kofax Power PDF, reducing the impact of potential exploitation. 5. Use endpoint detection and response (EDR) tools to monitor for anomalous behavior indicative of exploitation attempts. 6. Consider disabling or restricting PDF viewing capabilities in environments where document handling is not critical or can be offloaded to more secure platforms. 7. Regularly review and update security policies related to document handling and user interaction with external content.
Affected Countries
United States, Canada, United Kingdom, Germany, Australia, Japan, France, Netherlands, Sweden, Switzerland
CVE-2024-27346: CWE-125: Out-of-bounds Read in Kofax Power PDF
Description
Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22934.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-27346 is a security vulnerability identified in Kofax Power PDF version 5.0.0.57, classified under CWE-125 (Out-of-bounds Read). The vulnerability occurs during the parsing of PDF files, where the software fails to properly validate user-supplied data, resulting in reading beyond the bounds of an allocated buffer. This out-of-bounds read can lead to the disclosure of sensitive information from the application's memory space. Although the immediate impact is information disclosure, the vulnerability can be exploited in combination with other flaws to execute arbitrary code within the context of the current process. Exploitation requires user interaction, such as opening a crafted malicious PDF file or visiting a malicious webpage that triggers the vulnerability. The CVSS 3.0 base score is 3.3, indicating a low severity primarily due to the requirement for user interaction and limited impact scope (confidentiality only). No public exploits or active exploitation in the wild have been reported to date. The vulnerability was reserved on February 23, 2024, and published on April 3, 2024, by the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-22934. No official patches are currently linked, suggesting users should monitor vendor advisories closely for updates.
Potential Impact
The primary impact of CVE-2024-27346 is the potential disclosure of sensitive information from the memory of affected Kofax Power PDF installations. This can lead to leakage of confidential data such as document contents, user credentials, or cryptographic material residing in memory. While the vulnerability itself does not directly compromise system integrity or availability, it can serve as a stepping stone for attackers to chain with other vulnerabilities to achieve arbitrary code execution, thereby escalating the threat significantly. Organizations relying on Kofax Power PDF for document handling may face risks of data leakage, especially if users are tricked into opening malicious PDFs. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a concern. The absence of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.
Mitigation Recommendations
1. Monitor Kofax vendor advisories and apply security patches promptly once released for Power PDF 5.0.0.57 or affected versions. 2. Implement strict email and web filtering to block or quarantine suspicious PDF files from untrusted sources to reduce the risk of users opening malicious documents. 3. Educate users about the risks of opening unsolicited or unexpected PDF attachments and visiting untrusted websites. 4. Employ application whitelisting and sandboxing techniques to limit the execution context of Kofax Power PDF, reducing the impact of potential exploitation. 5. Use endpoint detection and response (EDR) tools to monitor for anomalous behavior indicative of exploitation attempts. 6. Consider disabling or restricting PDF viewing capabilities in environments where document handling is not critical or can be offloaded to more secure platforms. 7. Regularly review and update security policies related to document handling and user interaction with external content.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2024-02-23T19:56:32.962Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6d7bb7ef31ef0b576c18
Added to database: 2/25/2026, 9:45:31 PM
Last enriched: 2/26/2026, 11:00:20 AM
Last updated: 4/12/2026, 2:03:10 PM
Views: 14
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.