CVE-2023-37351

5.5 MEDIUM

📋 TL;DR

This vulnerability in Kofax Power PDF allows attackers to read memory beyond allocated boundaries when parsing malicious PDF files, potentially disclosing sensitive information. Users who open malicious PDF files or visit malicious web pages are affected. The vulnerability requires user interaction to trigger.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions not specified in provided references, but likely multiple versions prior to patch.
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected when processing PDF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the current process context.

🟠 Likely Case: Sensitive information disclosure from process memory, potentially including credentials or other confidential data.

🟢 If Mitigated: Limited impact with proper sandboxing and memory protection controls in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction but PDF files are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Internal users opening malicious PDFs could be compromised.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file) and may need additional vulnerabilities for full code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched version

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.0.0-5.0.0.10/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Security.07.3.html

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Visit Kofax support portal
3. Download and install latest security update
4. Restart system

🔧 Temporary Workarounds

Disable PDF file opening (Windows)

Prevent Power PDF from being the default handler for PDF files:

Control Panel > Default Programs > Set Default Programs > Choose another program for .pdf

Application control (Windows)

Block Power PDF execution via application whitelisting

🧯 If You Can't Patch

  • Use alternative PDF viewers with updated security patches
  • Implement network segmentation to limit exposure of affected systems

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against Kofax security advisory for vulnerable versions

Check Version:

Open Power PDF > Help > About Power PDF

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs
  • Unexpected memory access errors in application logs

Network Indicators:

  • Unusual PDF file downloads to endpoints
  • External connections following PDF file access

SIEM Query:

source="Power PDF" AND (event_type="crash" OR event_type="error")
