CVE-2023-3044

CWE-3695 documents5 sources
Severity
3.3LOW
EPSS
0.0%
top 86.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Xpdfreader XpdfXpdf Xpdf
Timeline
PublishedJun 2
Latest updateJun 3

Description

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

ā–¶NVDxpdfreader/xpdf< 4.05
ā–¶CVEListV5xpdf/xpdf4.04

šŸ”“Vulnerability Details

3
GHSA
GHSA-6w33-g59h-852h: An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction codeā†—2023-06-03
ā–¶
CVEList
Divide-by-zero in Xpdf 4.04 due to very large page sizeā†—2023-06-02
ā–¶
OSV
CVE-2023-3044: An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction codeā†—2023-06-02
ā–¶

šŸ“‹Vendor Advisories

1
Debian
CVE-2023-3044: xpdf - An excessively large PDF page size (found in fuzz testing, unlikely in normal PD...ā†—2023
ā–¶
CVE-2023-3044 (LOW CVSS 3.3) | An excessively large PDF page size | cvebase.io