CVE-2020-25725

CWE-416Use After Free5 documents5 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 60.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Glyph & COG XpdfFedoraproject FedoraXpdfreader Xpdf
Timeline
PublishedNov 21
Latest updateMay 24

Description

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:HExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

NVDxpdfreader/xpdf4.02
CVEListV5glyph_&_cog/xpdf4.02

Also affects: Fedora 32, 33

🔴Vulnerability Details

3
GHSA
GHSA-r454-8j2h-fwqp: In Xpdf 42022-05-24
OSV
CVE-2020-25725: In Xpdf 42020-11-21
CVEList
CVE-2020-25725: In Xpdf 42020-11-21

📋Vendor Advisories

1
Debian
CVE-2020-25725: xpdf - In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:...2020
CVE-2020-25725 (MEDIUM CVSS 5.5) | In Xpdf 4.02 | cvebase.io