CVE-2024-5301 is a heap-based buffer overflow vulnerability identified in Kofax Power PDF version 5.0.0.57, related to the parsing of PSD (Photoshop Document) files. The vulnerability stems from inadequate validation of the length of user-supplied data before it is copied into a fixed-length heap buffer. This lack of proper bounds checking can lead to a buffer overflow condition, allowing an attacker to overwrite adjacent memory on the heap. Such memory corruption can be exploited to execute arbitrary code within the context of the affected process. The attack vector requires user interaction, specifically opening a malicious PSD file or visiting a malicious webpage that triggers the vulnerable code path. The vulnerability is classified under CWE-122 (Heap-based Buffer Overflow) and has a CVSS v3.0 score of 7.8, indicating high severity. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22917 and published on June 6, 2024. While no public exploits are known at this time, the potential for remote code execution makes this a critical issue for users of Kofax Power PDF. The vulnerability affects version 5.0.0.57, and no patches or updates were listed at the time of reporting, emphasizing the need for vigilance and interim mitigations.

The impact of CVE-2024-5301 is significant for organizations using Kofax Power PDF, particularly version 5.0.0.57. Successful exploitation allows remote attackers to execute arbitrary code with the privileges of the user running the application, potentially leading to full system compromise if the user has administrative rights. This can result in unauthorized access to sensitive documents, data theft, installation of malware, or disruption of business operations. Since the vulnerability requires user interaction, phishing or social engineering tactics could be used to deliver malicious PSD files or lure users to compromised websites. The confidentiality, integrity, and availability of affected systems are all at risk. Organizations relying on Kofax Power PDF for document management, especially in regulated industries or those handling sensitive information, face elevated risks. The absence of known exploits in the wild currently reduces immediate threat but does not eliminate the risk of future attacks.

To mitigate CVE-2024-5301, organizations should first verify if they are running the affected version 5.0.0.57 of Kofax Power PDF and plan to upgrade to a patched version once available. In the absence of an official patch, implement the following measures: 1) Restrict or disable the opening of PSD files within Kofax Power PDF if not required for business operations. 2) Employ application whitelisting and sandboxing to limit the execution context of Kofax Power PDF, reducing the impact of potential exploitation. 3) Educate users to avoid opening PSD files from untrusted sources and to be cautious of phishing attempts that may deliver malicious files or links. 4) Use endpoint detection and response (EDR) tools to monitor for suspicious behavior indicative of exploitation attempts. 5) Implement network-level protections such as blocking access to known malicious sites and scanning inbound files for malicious content. 6) Regularly review and update security policies to include handling of document-based vulnerabilities. These targeted mitigations help reduce the attack surface and limit the potential damage until an official patch is deployed.