CVE-2024-4141
LOWXpdf < 4.05 - Out-of-bounds Write via Type 1 Font Character Code
Title source: llmDescription
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
References (1)
Core 1
Core References
Vendor Advisory
https://www.xpdfreader.com/security-bug/CVE-2024-4141.html
Scores
CVSS v3
2.9
EPSS
0.0018
EPSS Percentile
7.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-787
Status
published
Products (1)
xpdfreader/xpdf
< 4.05
Published
Apr 24, 2024
Tracked Since
Feb 18, 2026