Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

An out-of-bounds read vulnerability allowing information disclosure has been identified in Tungsten Automation Power PDF. This issue arises from improper validation of user-supplied data when parsing JP2 files, leading to a read past the end of an allocated object. Remote attackers can exploit this vulnerability to disclose sensitive information on affected installations, but user interaction is required, as the target must open a malicious file or visit a harmful webpage. Additionally, this vulnerability could be leveraged, in conjunction with others, to execute arbitrary code within the current process context.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure. Furthermore, according to the Zero Day Initiative, this vulnerability could be combined with others to execute arbitrary code in the context of the current process.