Description
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34
Scores
CVSS v3
5.5
EPSS
0.0014
EPSS Percentile
34.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (1)
xpdfreader/xpdf
4.04
Published
Apr 26, 2023
Tracked Since
Feb 18, 2026