CVE-2024-9751: CWE-125: Out-of-bounds Read in Tungsten Automation Power PDF
CVE-2024-9751 is a high-severity out-of-bounds read vulnerability in Tungsten Automation Power PDF's JP2 file parser. This flaw allows remote attackers to execute arbitrary code by tricking users into opening a malicious JP2 file or visiting a malicious page. The vulnerability arises from improper validation of user-supplied data, leading to reading beyond allocated memory. Exploitation requires user interaction but no privileges or complex conditions. Successful exploitation compromises confidentiality, integrity, and availability by executing code within the context of the affected process. No known exploits are currently in the wild. Organizations using affected versions should prioritize patching once available and implement strict file handling policies to mitigate risk.
AI Analysis
Technical Summary
CVE-2024-9751 is an out-of-bounds read vulnerability classified under CWE-125 found in the JP2 (JPEG 2000) file parsing component of Tungsten Automation Power PDF version 5.0.0.10.0.23307. The vulnerability stems from insufficient validation of user-supplied data during JP2 file processing, which allows an attacker to read memory beyond the allocated buffer. This out-of-bounds read can be leveraged to execute arbitrary code remotely within the context of the Power PDF process. Exploitation requires user interaction, such as opening a crafted JP2 file or visiting a malicious web page that triggers the vulnerable parser. The CVSS v3.0 base score is 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). The impact includes full compromise of confidentiality, integrity, and availability of the affected system. Although no public exploits have been reported yet, the vulnerability was reserved and published by the Zero Day Initiative (ZDI) under ZDI-CAN-24468, signaling credible risk. The lack of a patch at the time of disclosure necessitates immediate mitigation efforts to reduce exposure.
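The kind of length validation whose absence produces a CWE-125 read in a JP2 parser, as an added example: this is not Power PDF's code, and the advisory does not disclose which JP2 field is mishandled. The function name `jp2_count_boxes` and both byte arrays are constructed for illustration; the walker rejects any top-level box whose declared length would extend past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: JP2 signature box followed by a 20-byte ftyp box. */
static const uint8_t SAMPLE_OK[] = {
    0,0,0,12,'j','P',' ',' ',0x0D,0x0A,0x87,0x0A,
    0,0,0,20,'f','t','y','p','j','p','2',' ',0,0,0,0,'j','p','2',' '};
/* Same bytes, but the ftyp box claims 1024 bytes while only 20 are present. */
static const uint8_t SAMPLE_LYING_LEN[] = {
    0,0,0,12,'j','P',' ',' ',0x0D,0x0A,0x87,0x0A,
    0,0,4,0,'f','t','y','p','j','p','2',' ',0,0,0,0,'j','p','2',' '};

/* Read a big-endian 32-bit value; the caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the top-level boxes in buf[0..len). Returns the box count, or -1
 * if any header or declared length would require a read outside the buffer. */
int jp2_count_boxes(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < 8) return -1;              /* LBox + TBox truncated */
        uint64_t box_len = be32(buf + off);        /* LBox */
        size_t hdr = 8;
        if (box_len == 1) {                        /* 64-bit XLBox follows */
            if (remaining < 16) return -1;
            box_len = ((uint64_t)be32(buf + off + 8) << 32) | be32(buf + off + 12);
            hdr = 16;
        } else if (box_len == 0) {                 /* box runs to end of data */
            box_len = remaining;
        }
        /* Declared length must cover its own header and fit in what is left. */
        if (box_len < hdr || box_len > remaining) return -1;
        off += (size_t)box_len;
        count++;
    }
    return count;
}

int main(void) {
    printf("well-formed: %d\n", jp2_count_boxes(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("lying length: %d\n", jp2_count_boxes(SAMPLE_LYING_LEN, sizeof SAMPLE_LYING_LEN));
    return 0;
}
```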
Potential Impact
If exploited, this vulnerability allows attackers to execute arbitrary code remotely on systems running the affected Power PDF version, potentially leading to full system compromise. This can result in unauthorized data access, data manipulation, or disruption of PDF processing workflows. Since Power PDF is used in many enterprise environments for document handling, exploitation could facilitate lateral movement, data exfiltration, or deployment of ransomware. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a significant risk. The vulnerability affects confidentiality, integrity, and availability, making it a critical concern for organizations relying on Power PDF for secure document management.
Mitigation Recommendations
Until an official patch is released, organizations should implement the following mitigations:
1) Restrict or disable the opening of JP2 files within Power PDF or configure the application to prompt users with warnings before opening such files.
2) Employ application whitelisting and sandboxing techniques to limit the execution context of Power PDF and contain potential exploitation.
3) Educate users to avoid opening unsolicited or suspicious PDF files, especially those containing embedded JP2 images from untrusted sources.
4) Monitor network and endpoint logs for unusual Power PDF activity or crashes that could indicate exploitation attempts.
5) Use endpoint detection and response (EDR) solutions to detect anomalous behavior related to code execution within Power PDF processes.
6) Consider deploying network-level protections such as blocking access to known malicious URLs that could host exploit files.
7) Maintain regular backups and incident response plans to quickly recover from potential compromises.
Once a patch becomes available, prioritize its deployment across all affected systems.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Japan, Australia, India, South Korea, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-10-09T19:43:39.719Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 699f6b5eb7ef31ef0b554b58
Added to database: 2/25/2026, 9:36:30 PM
Last enriched: 2/25/2026, 11:39:14 PM
Last updated: 2/26/2026, 6:37:38 AM