CVE-2023-51569

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious BMP files in Kofax Power PDF. The flaw exists in BMP file parsing where improper data validation enables out-of-bounds writes. All users of affected Kofax Power PDF versions are at risk.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Prior to the patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required; the victim must open a malicious BMP file

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system in the context of the current user.

🟠 Likely Case

Remote code execution leading to malware installation, data theft, or ransomware deployment.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to open a malicious file, but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific version

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.5.0-d3ps5gqk5d/print/ReadMe.htm

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Download latest version from Kofax website
3. Install update
4. Restart system

🔧 Temporary Workarounds

Block BMP file extensions (Windows)

Prevent Power PDF from opening BMP files via group policy or application settings

Disable BMP file association (Windows)

Remove BMP file association with Power PDF in Windows

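rem Run in an elevated cmd.exe prompt. This clears the machine-wide .bmp association for every application.
assoc .bmp=
rem BMPFile is an assumed file type name; run "assoc .bmp" beforehand to see the name used on your system.
ftype BMPFile=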

🧯 If You Can't Patch

  • Restrict user privileges to prevent system-wide compromise
  • Implement application sandboxing or virtualization

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against patched version in Kofax advisory

Check Version:

Open Power PDF → Help → About

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with BMP file access
  • Unexpected process execution from Power PDF

Network Indicators:

  • Downloads of BMP files followed by Power PDF execution

SIEM Query:

Process:PowerPDF.exe AND FileExtension:.bmp
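
The two log indicators above can be combined into one correlation: a Power PDF process that was given a .bmp path and then spawned a child process or crashed. The sketch below is an added example, not code from this page or from Kofax; the events are constructed, and the field names (`type`, `pid`, `ppid`, `image`, `cmdline`) and install path are assumptions to map onto your own process telemetry.

```python
import ntpath
import re

POWER_PDF = "powerpdf.exe"   # process name from the page's SIEM query
BMP_ARG = re.compile(r'\.bmp(?=["\s]|$)', re.IGNORECASE)
ALLOWED_CHILDREN = set()     # site-specific: children Power PDF legitimately starts

def find_suspicious(events):
    """Flag Power PDF instances that were given a .bmp path and then spawned
    a child process or crashed. Events are assumed to be in time order."""
    watched = {}             # pid -> command line that carried the .bmp path
    alerts = []
    for ev in events:
        if ev["type"] == "start":
            image = ntpath.basename(ev["image"]).lower()
            if ev["ppid"] in watched and image not in ALLOWED_CHILDREN:
                alerts.append({"reason": "child_process", "pid": ev["ppid"],
                               "detail": image, "opened": watched[ev["ppid"]]})
            if image == POWER_PDF and BMP_ARG.search(ev["cmdline"]):
                watched[ev["pid"]] = ev["cmdline"]
        elif ev["type"] == "crash" and ev["pid"] in watched:
            alerts.append({"reason": "crash", "pid": ev["pid"],
                           "detail": ev.get("detail", ""), "opened": watched[ev["pid"]]})
        elif ev["type"] == "exit":
            watched.pop(ev["pid"], None)   # stop tracking so PID reuse cannot alert
    return alerts

# Constructed sample events, not real telemetry; paths are placeholders.
SAMPLE_EVENTS = [
    {"type": "start", "pid": 100, "ppid": 1, "image": r"C:\Apps\PowerPDF.exe",
     "cmdline": r'"C:\Apps\PowerPDF.exe" "C:\Users\a\Downloads\invoice.bmp"'},
    {"type": "start", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"type": "exit", "pid": 100},
    {"type": "start", "pid": 100, "ppid": 1,      # PID 100 reused by another program
     "image": r"C:\Windows\notepad.exe", "cmdline": "notepad.exe"},
    {"type": "start", "pid": 300, "ppid": 100,    # child of the reused PID: no alert
     "image": r"C:\Windows\System32\calc.exe", "cmdline": "calc.exe"},
    {"type": "start", "pid": 400, "ppid": 1, "image": r"C:\Apps\PowerPDF.exe",
     "cmdline": r'"C:\Apps\PowerPDF.exe" "C:\Users\a\report.pdf"'},   # not a BMP
    {"type": "start", "pid": 600, "ppid": 1, "image": r"C:\Apps\PowerPDF.exe",
     "cmdline": r"C:\Apps\PowerPDF.exe C:\Temp\scan.BMP"},
    {"type": "crash", "pid": 600, "detail": "access violation"},
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_EVENTS):
        print(alert)
```

Populate `ALLOWED_CHILDREN` with the lowercase image names Power PDF launches during normal use in your environment before alerting on the output.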
