Lucene search

K
zdiMat Powell of Trend Micro Zero Day InitiativeZDI-23-1909
HistoryDec 21, 2023 - 12:00 a.m.

(0Day) Kofax Power PDF J2K File Parsing Memory Corruption Remote Code Execution Vulnerability

2023-12-2100:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
9
vulnerability
remote code execution
kofax power pdf
j2k files
memory corruption
user interaction
malicious page
malicious file
validation
user-supplied data
current process

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process.

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

Related for ZDI-23-1909