CVE-2022-30524

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.8HIGH
EPSS
2.2%
top 15.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Xpdf XpdfXpdfreader Xpdf
Timeline
PublishedMay 9
Latest updateMay 10

Description

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5xpdf/xpdf4.04
NVDxpdfreader/xpdf4.0.4

🔴Vulnerability Details

3
GHSA
GHSA-cm35-4jxq-5m42: There is an invalid memory access in the TextLine class in TextOutputDev2022-05-10
CVEList
CVE-2022-30524: There is an invalid memory access in the TextLine class in TextOutputDev2022-05-09
OSV
CVE-2022-30524: There is an invalid memory access in the TextLine class in TextOutputDev2022-05-09

📋Vendor Advisories

1
Debian
CVE-2022-30524: xpdf - There is an invalid memory access in the TextLine class in TextOutputDev.cc in X...2022
CVE-2022-30524 (HIGH CVSS 7.8) | There is an invalid memory access i | cvebase.io