CVE-2023-2663

CWE-674 ā€” Uncontrolled Recursion7 documents6 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 75.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Xpdfreader XpdfXpdf Xpdf
Timeline
PublishedMay 11
Latest updateOct 22

Description

In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 1.4 | Impact: 1.4

Affected Packages2 packages

ā–¶NVDxpdfreader/xpdf4.04
ā–¶CVEListV5xpdf/xpdf4.04

šŸ”“Vulnerability Details

4
OSV
net/sched: fq_pie: avoid stalls in fq_pie_timer()ā†—2025-10-22
ā–¶
GHSA
GHSA-8wrw-hcvf-r5f8: In Xpdf 4ā†—2023-07-06
ā–¶
CVEList
Stack overflow in Xpdf 4.04 due to object loop in PDF page label treeā†—2023-05-11
ā–¶
OSV
CVE-2023-2663: In Xpdf 4ā†—2023-05-11
ā–¶

šŸ“‹Vendor Advisories

1
Debian
CVE-2023-2663: xpdf - In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to in...ā†—2023
ā–¶
CVE-2023-2663 (MEDIUM CVSS 5.5) | In Xpdf 4.04 (and earlier) | cvebase.io