CVE-2023-38081

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious JP2 files in Kofax Power PDF. The flaw exists in JP2 file parsing where improper data validation enables out-of-bounds writes. All users of affected Kofax Power PDF versions are vulnerable.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Prior to the patched version (specific version numbers not provided in references)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. User interaction required (opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine in the context of the current user.

🟠 Likely Case

Remote code execution leading to data theft, ransomware deployment, or lateral movement within the network.

🟢 If Mitigated

Limited impact if proper security controls prevent malicious file execution or contain the process.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to open a malicious JP2 file. No authentication is needed for the exploit itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-23-959/

Restart Required: Yes

Instructions:

1. Check Kofax Power PDF version
2. Update to latest version from official Kofax website
3. Restart system after installation

🔧 Temporary Workarounds

Disable JP2 file association (Windows)

Prevent Power PDF from automatically opening JP2 files

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .jp2 association to another application

Block JP2 files at perimeter (all platforms)

Prevent JP2 files from entering the network
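
For the perimeter workaround above, a filter that matches on file content as well as the `.jp2` extension, so a JP2 file delivered under another name is still held. This is an added example, not code from the advisory or from Kofax; the function names and sample bytes are constructed, and the 12-byte signature box is the one defined by the JPEG 2000 file format (ISO/IEC 15444-1).

```python
import struct

# 12-byte JP2 signature box: length 0x0000000C, type 'jP  ', payload 0D 0A 87 0A
JP2_SIGNATURE = bytes.fromhex("0000000c6a5020200d0a870a")
BLOCKED_EXTENSIONS = (".jp2",)


def ftyp_brand(data: bytes):
    """Return the 4-byte brand of the File Type box that follows the
    signature box, or None if the data is not JP2 or is truncated."""
    if data[:12] != JP2_SIGNATURE or len(data) < 24:
        return None
    _length, box_type, brand = struct.unpack(">I4s4s", data[12:24])
    return brand if box_type == b"ftyp" else None


def block_reason(filename: str, data: bytes):
    """Return why a file should be held at the gateway, or None to pass it."""
    if data[:12] == JP2_SIGNATURE:
        brand = ftyp_brand(data)
        label = brand.decode("latin-1").strip() if brand else "unknown brand"
        return f"content: JP2 signature box ({label})"
    if filename.lower().endswith(BLOCKED_EXTENSIONS):
        return "extension: .jp2"
    return None


# Constructed sample inputs (headers only, no image data).
SAMPLE_JP2 = JP2_SIGNATURE + struct.pack(">I4s4sI4s", 20, b"ftyp", b"jp2 ", 0, b"jp2 ")
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [
        ("scan.jp2", SAMPLE_JP2),
        ("invoice.png", SAMPLE_JP2),      # JP2 content under another name
        ("logo.png", SAMPLE_PNG),
        ("notes.JP2", b"plain text"),     # extension match only
        ("cut.bin", SAMPLE_JP2[:14]),     # truncated after the signature box
    ]:
        print(f"{name:12} -> {block_reason(name, blob) or 'pass'}")
```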

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables
  • Use sandboxing or virtualization for PDF processing

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against latest patched version from Kofax

Check Version:

Open Power PDF > Help > About

Verify Fix Applied:

Verify Power PDF version is updated to latest release

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with memory access violations
  • Unexpected child processes spawned from Power PDF

Network Indicators:

  • Unusual outbound connections from Power PDF process

SIEM Query:

Process creation where parent process contains 'PowerPDF' AND (command line contains '.jp2' OR file extension is '.jp2')
