CVE-2024-5304

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious TGA files in Kofax Power PDF. The flaw exists in how the software handles TGA file data, enabling buffer overflow attacks. All users of affected Kofax Power PDF versions are at risk.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions are not detailed in the provided references; likely multiple recent versions prior to the patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction (opening malicious file) but works with default configurations

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with the attacker gaining full control of the victim's computer, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to data exfiltration, malware installation, or persistence mechanisms being established on the compromised system.

🟢 If Mitigated

Application crash or denial of service if the exploit fails, but no code execution due to security controls like DEP or ASLR.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction but no authentication. Technical details suggest reliable exploitation is feasible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched version

Vendor Advisory: https://www.kofax.com/security/advisories

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Visit Kofax security advisory page
3. Download and install latest security update
4. Restart system if prompted

🔧 Temporary Workarounds

Disable TGA file association (Windows)

Remove Power PDF as the default handler for .tga files to prevent automatic opening.

Control Panel > Default Programs > Associate a file type or protocol with a program > Change .tga association to another program

Block TGA files at perimeter (all platforms)

Prevent TGA files from entering the network via email or web downloads.

🧯 If You Can't Patch

  • Implement application whitelisting to block unauthorized Power PDF execution
  • Use endpoint protection with memory protection features enabled

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against Kofax security advisory. Versions before the patched release are vulnerable.

Check Version:

In Power PDF: Help > About Power PDF

Verify Fix Applied:

Confirm Power PDF version matches or exceeds patched version listed in Kofax advisory.

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with memory access violations
  • Unexpected Power PDF processes spawning child processes

Network Indicators:

  • Downloads of TGA files from untrusted sources
  • Outbound connections from Power PDF process to unknown IPs

SIEM Query:

Process creation events where the parent process image contains 'powerpdf' and the child process is cmd.exe, powershell.exe, or another suspicious binary (script hosts, LOLBins such as mshta.exe or rundll32.exe)
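The SIEM logic above, implemented as an added example (not code from the original page or from Kofax): a small detector that runs over constructed process-creation records shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine). The Power PDF install path and executable name are placeholders, the sample events are constructed, and the list of "other suspicious binaries" is an assumption extending the page's cmd.exe/powershell.exe.

```python
"""Detect Power PDF spawning suspicious child processes.

Added example for the CVE-2024-5304 detection guidance. Records mimic
Sysmon Event ID 1 fields; the parent executable path is a placeholder and
all sample events are constructed for illustration.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Iterable, List

# Assumption: the page names cmd.exe/powershell.exe and "other suspicious
# binaries"; this set extends that with common script hosts and LOLBins.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe",
    "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Substring the page's SIEM query matches against the parent image.
PARENT_MARKER = "powerpdf"


@dataclass
class ProcessEvent:
    """Subset of Sysmon Event ID 1 (process creation) fields."""
    parent_image: str
    image: str
    command_line: str
    user: str = ""


def basename(win_path: str) -> str:
    """Return the lower-cased file name of a Windows path, on any host OS."""
    return PureWindowsPath(win_path).name.lower()


def is_suspicious(event: ProcessEvent) -> bool:
    """True when a Power PDF process spawns a child from the suspicious set."""
    parent = basename(event.parent_image)
    child = basename(event.image)
    return PARENT_MARKER in parent and child in SUSPICIOUS_CHILDREN


def find_suspicious(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Filter a stream of process-creation events down to the hits."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample telemetry. The Kofax path is a placeholder, not a
# value taken from the vendor.
SAMPLE_EVENTS = [
    ProcessEvent(  # reader spawns a shell: should fire
        parent_image=r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
        image=r"C:\Windows\System32\cmd.exe",
        command_line=r'cmd.exe /c "whoami"',
        user="CORP\\alice",
    ),
    ProcessEvent(  # reader spawns PowerShell: should fire
        parent_image=r"C:\PROGRAM FILES\KOFAX\POWER PDF\POWERPDF.EXE",
        image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        command_line="powershell.exe -nop -w hidden -enc AAAA",
        user="CORP\\alice",
    ),
    ProcessEvent(  # user opened a shell from Explorer: benign, no fire
        parent_image=r"C:\Windows\explorer.exe",
        image=r"C:\Windows\System32\cmd.exe",
        command_line="cmd.exe",
        user="CORP\\bob",
    ),
    ProcessEvent(  # reader spawns a print helper: not in the set, no fire
        parent_image=r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
        image=r"C:\Windows\splwow64.exe",
        command_line="splwow64.exe 12288",
        user="CORP\\alice",
    ),
]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT user={hit.user} parent={hit.parent_image} "
              f"child={hit.image} cmd={hit.command_line}")
```

Matching on the child file name rather than the full path keeps the rule stable across 32/64-bit System32/SysWOW64 locations; tuning the parent marker to the real installed executable name on your estate reduces false positives from unrelated products whose path happens to contain the substring.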
