CVE-2024-9746: CWE-787: Out-of-bounds Write in Tungsten Automation Power PDF
Tungsten Automation Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24462.
AI Analysis
Technical Summary
CVE-2024-9746 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting Tungsten Automation Power PDF version 5.0.0.10.0.23307. The vulnerability arises from improper validation during the parsing of TGA image files embedded or opened within the PDF software. Specifically, the software fails to correctly validate user-supplied data, leading to a write operation beyond the allocated memory buffer boundaries. This memory corruption can be exploited by a remote attacker who convinces a user to open a maliciously crafted TGA file or visit a webpage that triggers the vulnerable parsing routine. The out-of-bounds write can corrupt memory in a way that allows the attacker to execute arbitrary code with the privileges of the current user running the Power PDF application. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. No public exploits have been reported yet, but the vulnerability was reserved and published by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-24462. The vulnerability affects a widely used PDF processing tool, which is often employed in business and government environments for document handling, increasing the potential attack surface.
Potential Impact
The impact of CVE-2024-9746 is significant for organizations using Tungsten Automation Power PDF, as successful exploitation leads to remote code execution. This can result in full compromise of the affected system under the context of the user running the application. Attackers could steal sensitive information, install malware, or move laterally within networks. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be leveraged to deliver malicious TGA files or URLs. The compromise of document processing tools is particularly dangerous in environments handling confidential or regulated data, such as legal, financial, healthcare, and government sectors. The lack of current public exploits reduces immediate risk but also means organizations should act proactively. The vulnerability could be used as an initial infection vector or persistence mechanism in targeted attacks.
Mitigation Recommendations
Organizations should monitor for and apply official patches from Tungsten Automation as soon as they become available. In the absence of patches, restrict or disable the opening of TGA files within Power PDF if possible. Employ application whitelisting and sandboxing to limit the execution context of Power PDF. Educate users to avoid opening unsolicited or suspicious files and links, especially those involving TGA images. Network-level protections such as email filtering and web content scanning can help block malicious payloads. Use endpoint detection and response (EDR) tools to detect anomalous behavior indicative of exploitation attempts. Regularly update and harden the operating system and related software to reduce the attack surface. Finally, maintain robust backup and incident response plans to recover from potential compromises.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil
CVE-2024-9746: CWE-787: Out-of-bounds Write in Tungsten Automation Power PDF
Description
Tungsten Automation Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24462.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-9746 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting Tungsten Automation Power PDF version 5.0.0.10.0.23307. The vulnerability arises from improper validation during the parsing of TGA image files embedded or opened within the PDF software. Specifically, the software fails to correctly validate user-supplied data, leading to a write operation beyond the allocated memory buffer boundaries. This memory corruption can be exploited by a remote attacker who convinces a user to open a maliciously crafted TGA file or visit a webpage that triggers the vulnerable parsing routine. The out-of-bounds write can corrupt memory in a way that allows the attacker to execute arbitrary code with the privileges of the current user running the Power PDF application. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. No public exploits have been reported yet, but the vulnerability was reserved and published by the Zero Day Initiative (ZDI) under identifier ZDI-CAN-24462. The vulnerability affects a widely used PDF processing tool, which is often employed in business and government environments for document handling, increasing the potential attack surface.
Potential Impact
The impact of CVE-2024-9746 is significant for organizations using Tungsten Automation Power PDF, as successful exploitation leads to remote code execution. This can result in full compromise of the affected system under the context of the user running the application. Attackers could steal sensitive information, install malware, or move laterally within networks. Since the vulnerability requires user interaction, phishing or social engineering campaigns could be leveraged to deliver malicious TGA files or URLs. The compromise of document processing tools is particularly dangerous in environments handling confidential or regulated data, such as legal, financial, healthcare, and government sectors. The lack of current public exploits reduces immediate risk but also means organizations should act proactively. The vulnerability could be used as an initial infection vector or persistence mechanism in targeted attacks.
Mitigation Recommendations
Organizations should monitor for and apply official patches from Tungsten Automation as soon as they become available. In the absence of patches, restrict or disable the opening of TGA files within Power PDF if possible. Employ application whitelisting and sandboxing to limit the execution context of Power PDF. Educate users to avoid opening unsolicited or suspicious files and links, especially those involving TGA images. Network-level protections such as email filtering and web content scanning can help block malicious payloads. Use endpoint detection and response (EDR) tools to detect anomalous behavior indicative of exploitation attempts. Regularly update and harden the operating system and related software to reduce the attack surface. Finally, maintain robust backup and incident response plans to recover from potential compromises.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2024-10-09T19:43:19.755Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6b5db7ef31ef0b554adf
Added to database: 2/25/2026, 9:36:29 PM
Last enriched: 2/27/2026, 5:25:25 PM
Last updated: 4/12/2026, 3:54:22 PM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.