ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠ½ΠΎΠ³ΠΎ ΡΡΠ΅Π΄ΡΡΠ²Π° ΡΠΎΠ·Π΄Π°Π½ΠΈΡ, ΠΊΠΎΠ½Π²Π΅ΡΡΠ°ΡΠΈΠΈ, ΡΠ΅Π΄Π°ΠΊΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΈ ΠΏΡΠ±Π»ΠΈΠΊΠ°ΡΠΈΠΈ PDF-ΡΠ°ΠΉΠ»ΠΎΠ² Kofax PowerPDF ΡΠ²ΡΠ·Π°Π½Π° Ρ Π²ΡΡ ΠΎΠ΄ΠΎΠΌ ΠΎΠΏΠ΅ΡΠ°ΡΠΈΠΈ Π·Π° Π³ΡΠ°Π½ΠΈΡΡ Π±ΡΡΠ΅ΡΠ° Π² ΠΏΠ°ΠΌΡΡΠΈ. ΠΠΊΡΠΏΠ»ΡΠ°ΡΠ°ΡΠΈΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ ΠΌΠΎΠΆΠ΅Ρ ΠΏΠΎΠ·Π²ΠΎΠ»ΠΈΡΡ Π½Π°ΡΡΡΠΈΡΠ΅Π»Ρ Π²ΡΠΏΠΎΠ»Π½ΠΈΡΡ ΠΏΡΠΎΠΈΠ·Π²ΠΎΠ»ΡΠ½ΡΠΉ ΠΊΠΎΠ΄ Ρ ΠΏΠΎΠΌΠΎΡΡΡ ΡΠΏΠ΅ΡΠΈΠ°Π»ΡΠ½ΠΎ ΡΠΎΠ·Π΄Π°Π½Π½ΠΎΠ³ΠΎ PDF-ΡΠ°ΠΉΠ»Π°
ΠΠ΅Π½Π΄ΠΎΡ
ΠΠ°ΠΈΠΌΠ΅Π½ΠΎΠ²Π°Π½ΠΈΠ΅ ΠΠ
ΠΠ΅ΡΡΠΈΡ ΠΠ
Π’ΠΈΠΏ ΠΠ
ΠΠΏΠ΅ΡΠ°ΡΠΈΠΎΠ½Π½ΡΠ΅ ΡΠΈΡΡΠ΅ΠΌΡ ΠΈ Π°ΠΏΠΏΠ°ΡΠ°ΡΠ½ΡΠ΅ ΠΏΠ»Π°ΡΡΠΎΡΠΌΡ
Π£ΡΠΎΠ²Π΅Π½Ρ ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
ΠΠΎΠ·ΠΌΠΎΠΆΠ½ΡΠ΅ ΠΌΠ΅ΡΡ ΠΏΠΎ ΡΡΡΡΠ°Π½Π΅Π½ΠΈΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
Π‘ΡΠ°ΡΡΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
ΠΠ°Π»ΠΈΡΠΈΠ΅ ΡΠΊΡΠΏΠ»ΠΎΠΉΡΠ°
ΠΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ ΠΎΠ± ΡΡΡΡΠ°Π½Π΅Π½ΠΈΠΈ
Π‘ΡΡΠ»ΠΊΠΈ Π½Π° ΠΈΡΡΠΎΡΠ½ΠΈΠΊΠΈ
ΠΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡΡ Π΄ΡΡΠ³ΠΈΡ ΡΠΈΡΡΠ΅ΠΌ ΠΎΠΏΠΈΡΠ°Π½ΠΈΠΉ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠ΅ΠΉ
- CVE
- ZDI
- ZDI-CAN
EPSS
7.8 High
CVSS3
7.2 High
CVSS2
Π‘Π²ΡΠ·Π°Π½Π½ΡΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ
Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22928.
Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22928.
EPSS
7.8 High
CVSS3
7.2 High
CVSS2