Login Sign Up

CVE-2024-27335

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability in Kofax Power PDF allows remote attackers to execute arbitrary code by tricking users into opening malicious PNG files. The flaw exists in PNG parsing where improper data validation leads to out-of-bounds reads. Affected users are anyone running vulnerable versions of Kofax Power PDF who might open untrusted PDF files.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions not detailed in advisory, but likely multiple versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected. User interaction required (opening malicious file).

📦 What is this software?

Power Pdf by Tungstenautomation

View all CVEs affecting Power Pdf →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining the same privileges as the PDF viewer process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠

Likely Case

Local privilege escalation or malware execution within the user context, potentially leading to credential theft or persistence mechanisms.

🟢

If Mitigated

Application crash (denial of service) if memory protections prevent code execution, but data corruption or information disclosure may still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is memory corruption-based requiring precise control for reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references, but vendor likely released update

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Open Kofax Power PDF
2. Navigate to Help > Check for Updates
3. Install any available updates
4. Restart the application

🔧 Temporary Workarounds

Disable PNG file handling

windows

Prevent Power PDF from processing PNG files by modifying file associations

Control Panel > Default Programs > Set Associations
Find .png extension
Change from Power PDF to another application

Application sandboxing

windows

Run Power PDF in restricted environment to limit impact of exploitation

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized PDF viewers
  • Deploy endpoint detection with memory protection features enabled

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against vendor's patched version list

Check Version:

In Power PDF: Help > About

Verify Fix Applied:

Verify Power PDF version is updated to latest release from official vendor source

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected child processes spawned from PDF viewer

Network Indicators:

  • Outbound connections from PDF viewer process to suspicious domains

SIEM Query:

Process creation where parent process contains 'powerpdf' AND (command line contains '.png' OR memory allocation anomalies detected)

📊 Metadata

CVE ID: CVE-2024-27335
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: April 3, 2024
Last Updated: June 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27335, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)