Description
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
References (4)
Core 4
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/
Scores
CVSS v3
5.5
EPSS
0.0141
EPSS Percentile
69.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
glyphandcog/xpdfreader
4.02
Published
Oct 01, 2019
Tracked Since
Feb 18, 2026