CVE-2024-5304 is a remote code execution vulnerability identified in Kofax Power PDF version 5.0.0.57, related to an out-of-bounds write condition (CWE-787) during the parsing of TGA image files. The vulnerability occurs because the software does not properly validate user-supplied data when processing TGA files, which can lead to writing beyond the allocated buffer boundaries. This memory corruption flaw can be exploited by an attacker who crafts a malicious TGA file and convinces a user to open it or visit a web page that loads such a file. The attack vector requires user interaction but no authentication, making it a significant risk in environments where users frequently handle PDF documents with embedded or linked images. The flaw allows execution of arbitrary code with the privileges of the user running the Power PDF application, potentially leading to full system compromise. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no active exploits have been reported, the vulnerability was responsibly disclosed and published by the Zero Day Initiative (ZDI) as ZDI-CAN-22920. Organizations relying on Kofax Power PDF should monitor for patches and consider interim mitigations such as restricting TGA file handling and user awareness training.

The impact of CVE-2024-5304 is significant for organizations using Kofax Power PDF 5.0.0.57, as it enables remote code execution through a crafted TGA file. Successful exploitation can lead to full compromise of the affected system under the context of the user running the application, potentially allowing attackers to steal sensitive data, install malware, or disrupt operations. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be used to deliver malicious files. The broad use of PDF software in enterprises, government, and critical infrastructure increases the risk of targeted attacks. Additionally, the ability to execute arbitrary code without authentication expands the threat surface, especially in environments where users frequently exchange documents. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.

To mitigate CVE-2024-5304, organizations should: 1) Monitor Kofax and security advisories closely for official patches or updates and apply them promptly once released. 2) Implement strict file handling policies that restrict or block TGA files from untrusted sources, especially in email and web gateways. 3) Educate users about the risks of opening files from unknown or suspicious origins, emphasizing caution with unexpected attachments or links. 4) Employ endpoint protection solutions capable of detecting anomalous behavior or exploitation attempts related to PDF processing. 5) Consider sandboxing or isolating PDF viewing applications to limit the impact of potential exploitation. 6) Review and harden user privileges to minimize the permissions of accounts running Kofax Power PDF, reducing the scope of compromise. 7) Use network-level controls to limit access to resources that could be targeted post-exploitation. These steps go beyond generic advice by focusing on controlling the specific attack vector (TGA files) and reducing user exposure.