CVE-2023-51610

5.5 MEDIUM

📋 TL;DR

This vulnerability in Kofax Power PDF allows attackers to disclose sensitive information by tricking users into opening malicious JP2 files. The flaw exists in how the software handles JP2 file parsing, leading to use-after-free conditions. Users of affected Kofax Power PDF installations are at risk.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions not detailed in provided references, but likely multiple recent versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability affects JP2 file parsing functionality; users must open malicious JP2 files to trigger the vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could combine this information disclosure with other vulnerabilities to achieve remote code execution, potentially compromising the entire system.

🟠 Likely Case

Sensitive information from the PDF application's memory is disclosed, which could include document contents, system information, or authentication data.

🟢 If Mitigated

With proper controls, the impact is limited to information disclosure from the PDF application's process memory only.

🌐 Internet-Facing: MEDIUM - Requires user interaction but malicious files can be delivered via web pages or email attachments.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files shared through internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (opening malicious file) and likely needs to be combined with other vulnerabilities for full exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched versions

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/4.0.0-4n1t3p4o2y/wwhelp/wwhimpl/js/html/wwhelp.htm

Restart Required: Yes

Instructions:

1. Check current Power PDF version.
2. Visit Kofax support portal.
3. Download and install latest security update.
4. Restart system to ensure patch is fully applied.

🔧 Temporary Workarounds

Disable JP2 file association (Windows)

Remove the JP2 file type association with Kofax Power PDF to prevent automatic opening:

Control Panel > Default Programs > Associate a file type or protocol with a program > Change the .jp2 association to a different application

Block JP2 files at perimeter (all platforms)

Configure email and web gateways to block .jp2 file attachments
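
An added example (not from Kofax or from this advisory's sources) of a gateway-side check for the "Block JP2 files at perimeter" workaround: it flags attachments by JPEG 2000 content signature as well as by the .jp2 extension, so the rule does not depend on the attachment name alone. The function names and the constructed sample message are assumptions for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

# JP2 signature box: the 12 fixed bytes every .jp2 file starts with.
JP2_SIGNATURE = bytes.fromhex("0000000c6a5020200d0a870a")
# A bare JPEG 2000 codestream starts with the SOC (FF4F) and SIZ (FF51) markers.
J2K_CODESTREAM = bytes.fromhex("ff4fff51")
# Extension list is an assumption for this example; the page names only .jp2.
BLOCKED_EXTENSIONS = (".jp2",)


def classify(data: bytes) -> Optional[str]:
    """Return 'jp2' or 'j2k' if the bytes start with a JPEG 2000 signature."""
    if data.startswith(JP2_SIGNATURE):
        return "jp2"
    if data.startswith(J2K_CODESTREAM):
        return "j2k"
    return None


def blocked_attachments(raw_message: bytes) -> List[Tuple[str, str]]:
    """List (filename, reason) for every attachment the rule would block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        kind = classify(payload)
        if kind:
            hits.append((name, "content:" + kind))
        elif name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append((name, "extension"))
    return hits


def build_sample() -> bytes:
    """Constructed test message; payloads are placeholders, not real images."""
    msg = EmailMessage()
    msg.set_content("see attached")
    fake_jp2 = JP2_SIGNATURE + b"\x00" * 16
    for name, data in [("scan.jp2", fake_jp2), ("report.dat", fake_jp2),
                       ("other.jp2", b"not an image"), ("notes.txt", b"notes")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(name, reason)
```
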

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized PDF applications
  • Deploy endpoint protection with memory protection capabilities to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against Kofax security advisory; versions before the patch are vulnerable

Check Version:

Open Power PDF > Help > About Power PDF

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version listed in Kofax advisory

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with memory access violations
  • Unexpected JP2 file processing in application logs

Network Indicators:

  • Downloads of JP2 files from untrusted sources
  • Unusual outbound connections after JP2 file processing

SIEM Query:

source="PowerPDF" AND (event_type="crash" OR file_extension=".jp2")
