CVE-2023-37358

5.5 MEDIUM

📋 TL;DR

This vulnerability in Kofax Power PDF allows attackers to read memory beyond allocated bounds when processing malicious U3D files, potentially disclosing sensitive information. Users who open malicious PDF files containing crafted U3D content are affected. Attackers could combine this with other vulnerabilities to achieve arbitrary code execution.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions not detailed in provided references, but likely multiple versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in U3D file parsing component; all installations with vulnerable versions are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure leading to sensitive data exposure, potentially combined with other vulnerabilities to achieve remote code execution in the context of the PDF viewer process.

🟠

Likely Case

Information disclosure from process memory, potentially revealing application data or system information that could aid further attacks.

🟢

If Mitigated

Limited impact if proper file validation and sandboxing are in place, with potential for crash but no data exfiltration.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but PDFs are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Similar risk internally as users may open files from untrusted internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious file; exploitation may require chaining with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched version

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/4.0.0-4p1njvx9eo/print/olh_merged/Content/ReleaseNotes/ReleaseNotes.htm

Restart Required: Yes

Instructions:

1. Check the current Power PDF version.
2. Visit the Kofax support portal.
3. Download and install the latest security update.
4. Restart the system.

🔧 Temporary Workarounds

Disable U3D file processing (Windows): configure Power PDF to disable U3D file parsing if it is not required.

Use application sandboxing (Windows): run Power PDF in a restricted/sandboxed environment.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized PDF files
  • Educate users to avoid opening PDF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against Kofax security advisory; vulnerable if using unpatched version

Check Version:

In Power PDF: Help → About Power PDF

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version specified in vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing PDF files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • Outbound connections following PDF file opening

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="PowerPDF.exe" AND ExceptionCode=0xC0000005

Note the parentheses: without them, AND binds tighter than OR in most SIEM query languages, so every EventID=1000 record (any process, any exception code) would match.
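The query above is only as good as its operator precedence. The following is an added example (not part of this advisory and not Kofax code) that applies the same three conditions to a few constructed key=value log lines and shows, side by side, what the unparenthesised form "EventID=1000 OR EventID=1001 AND ..." would match. The process name PowerPDF.exe is taken from the query and is an assumption about the real binary name; the log lines are constructed for the example.

```python
"""Filter constructed Windows Application-log crash records for Power PDF
access-violation events (Event ID 1000/1001 with exception 0xC0000005)."""

# Constructed sample log lines in a flat key=value layout (not real Kofax output).
SAMPLE_LOG = """\
EventID=1000 ProcessName=PowerPDF.exe ExceptionCode=0xC0000005
EventID=1000 ProcessName=notepad.exe ExceptionCode=0xC0000005
EventID=1001 ProcessName=PowerPDF.exe ExceptionCode=0xC0000005
EventID=1001 ProcessName=PowerPDF.exe ExceptionCode=0xC000001D
EventID=4624 ProcessName=PowerPDF.exe ExceptionCode=0xC0000005
"""

CRASH_EVENT_IDS = {1000, 1001}        # Application Error / Windows Error Reporting
TARGET_PROCESS = "powerpdf.exe"       # assumed process name, as used in the SIEM query
ACCESS_VIOLATION = 0xC0000005         # STATUS_ACCESS_VIOLATION


def parse_line(line):
    """Turn one 'k=v k=v ...' line into a dict with typed EventID / ExceptionCode."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return {
        "EventID": int(fields["EventID"]),
        "ProcessName": fields["ProcessName"],
        # int(..., 16) accepts an optional 0x prefix, so "0xC0000005" parses cleanly.
        "ExceptionCode": int(fields["ExceptionCode"], 16),
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def is_powerpdf_access_violation(event):
    """Intended logic: (1000 OR 1001) AND process AND access violation."""
    return (event["EventID"] in CRASH_EVENT_IDS
            and event["ProcessName"].lower() == TARGET_PROCESS
            and event["ExceptionCode"] == ACCESS_VIOLATION)


def matches_unparenthesised(event):
    """How 'EventID=1000 OR EventID=1001 AND P AND X' evaluates when AND binds
    tighter than OR: any EventID=1000 record matches regardless of P and X."""
    return event["EventID"] == 1000 or (
        event["EventID"] == 1001
        and event["ProcessName"].lower() == TARGET_PROCESS
        and event["ExceptionCode"] == ACCESS_VIOLATION
    )


def filter_events(text, predicate=is_powerpdf_access_violation):
    return [e for e in parse_log(text) if predicate(e)]


if __name__ == "__main__":
    good = filter_events(SAMPLE_LOG)
    sloppy = filter_events(SAMPLE_LOG, matches_unparenthesised)
    print(f"correct query matched {len(good)} record(s)")
    print(f"unparenthesised query matched {len(sloppy)} record(s), "
          f"including {[e['ProcessName'] for e in sloppy]}")
```

On the sample lines the parenthesised form matches only the two PowerPDF.exe access violations; the unparenthesised form also pulls in the unrelated notepad.exe crash, which is the false-positive class the parentheses remove. In a real deployment the crash event's faulting-module field is worth adding as a fourth condition once the vulnerable U3D component's module name is known from the vendor.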

🔗 References
