CVE-2022-30775
MEDIUMxpdf 4.04 - Denial of Service via Crafted PDF Input
Title source: llmDescription
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_misc
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264
Scores
CVSS v3
5.5
EPSS
0.0080
EPSS Percentile
51.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (1)
xpdfreader/xpdf
4.04
Published
May 16, 2022
Tracked Since
Feb 18, 2026