CVE-2024-9755: CWE-125: Out-of-bounds Read in Tungsten Automation Power PDF
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24472.
AI Analysis
Technical Summary
CVE-2024-9755 is an out-of-bounds read vulnerability classified under CWE-125 affecting Tungsten Automation Power PDF, specifically in the JP2 (JPEG 2000) file parsing component. The vulnerability stems from insufficient validation of user-supplied data during JP2 file processing, which allows an attacker to read memory beyond the bounds of allocated objects. This memory corruption can be leveraged to execute arbitrary code remotely in the context of the current process. Exploitation requires user interaction, such as opening a crafted JP2 file or visiting a malicious webpage that triggers the vulnerable parser. The vulnerability does not require any privileges or authentication, increasing its risk profile. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. No patches are currently listed, and no known exploits have been observed in the wild, but the vulnerability was responsibly disclosed and tracked as ZDI-CAN-24472. This flaw poses a significant risk to environments using the affected Power PDF version 5.0.0.10.0.23307, especially where untrusted files or web content are handled.
Potential Impact
The vulnerability enables remote code execution, allowing attackers to gain the same privileges as the user running Power PDF. This can lead to full system compromise, data theft, or disruption of services. Since the attack vector involves user interaction with malicious JP2 files or web content, organizations that frequently handle external PDF or image files are at heightened risk. The compromise of confidentiality, integrity, and availability can affect sensitive documents and workflows, potentially leading to intellectual property loss, regulatory non-compliance, and operational downtime. The lack of authentication requirement broadens the attack surface, making phishing or drive-by download attacks viable. Given the widespread use of PDF tools in corporate, government, and industrial sectors, the impact could be significant if exploited at scale.
Mitigation Recommendations
Organizations should immediately restrict or monitor the handling of JP2 files within Power PDF until a patch is released. Employ file type filtering and sandboxing to isolate PDF processing. Educate users to avoid opening suspicious files or links from untrusted sources. Implement network-level protections such as web filtering and email gateway scanning to block malicious content delivery. Utilize endpoint detection and response (EDR) tools to detect anomalous behaviors indicative of exploitation attempts. Coordinate with Tungsten Automation for timely patch deployment once available. Consider disabling JP2 file support if feasible or using alternative PDF readers with no known vulnerabilities in JP2 parsing. Regularly update threat intelligence feeds to stay informed of emerging exploits related to this vulnerability.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Japan, South Korea, Australia, India, Brazil
CVE-2024-9755: CWE-125: Out-of-bounds Read in Tungsten Automation Power PDF
Description
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24472.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-9755 is an out-of-bounds read vulnerability classified under CWE-125 affecting Tungsten Automation Power PDF, specifically in the JP2 (JPEG 2000) file parsing component. The vulnerability stems from insufficient validation of user-supplied data during JP2 file processing, which allows an attacker to read memory beyond the bounds of allocated objects. This memory corruption can be leveraged to execute arbitrary code remotely in the context of the current process. Exploitation requires user interaction, such as opening a crafted JP2 file or visiting a malicious webpage that triggers the vulnerable parser. The vulnerability does not require any privileges or authentication, increasing its risk profile. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction. No patches are currently listed, and no known exploits have been observed in the wild, but the vulnerability was responsibly disclosed and tracked as ZDI-CAN-24472. This flaw poses a significant risk to environments using the affected Power PDF version 5.0.0.10.0.23307, especially where untrusted files or web content are handled.
Potential Impact
The vulnerability enables remote code execution, allowing attackers to gain the same privileges as the user running Power PDF. This can lead to full system compromise, data theft, or disruption of services. Since the attack vector involves user interaction with malicious JP2 files or web content, organizations that frequently handle external PDF or image files are at heightened risk. The compromise of confidentiality, integrity, and availability can affect sensitive documents and workflows, potentially leading to intellectual property loss, regulatory non-compliance, and operational downtime. The lack of authentication requirement broadens the attack surface, making phishing or drive-by download attacks viable. Given the widespread use of PDF tools in corporate, government, and industrial sectors, the impact could be significant if exploited at scale.
Mitigation Recommendations
Organizations should immediately restrict or monitor the handling of JP2 files within Power PDF until a patch is released. Employ file type filtering and sandboxing to isolate PDF processing. Educate users to avoid opening suspicious files or links from untrusted sources. Implement network-level protections such as web filtering and email gateway scanning to block malicious content delivery. Utilize endpoint detection and response (EDR) tools to detect anomalous behaviors indicative of exploitation attempts. Coordinate with Tungsten Automation for timely patch deployment once available. Consider disabling JP2 file support if feasible or using alternative PDF readers with no known vulnerabilities in JP2 parsing. Regularly update threat intelligence feeds to stay informed of emerging exploits related to this vulnerability.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- zdi
- Date Reserved
- 2024-10-09T19:43:56.773Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 699f6b5eb7ef31ef0b554b64
Added to database: 2/25/2026, 9:36:30 PM
Last enriched: 2/25/2026, 11:40:03 PM
Last updated: 4/12/2026, 7:58:57 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.