Description
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 1.4 | Impact: 1.4Attack Vector: Local
Complexity: High
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Affected Packages2 packages
🔴Vulnerability Details
4GHSAJenkins Remoting library arbitrary file read vulnerability↗2024-08-07 GHSAGHSA-7jjc-f4w2-6g7w: In Xpdf 4↗2024-04-03 CVEListStack overflow in Xpdf 4.05 due to object loop in attachments↗2024-04-02 OSVCVE-2024-3248: In Xpdf 4↗2024-04-02 📋Vendor Advisories
2Red Hatxpdf: stack overflow via pdftpng↗2024-04-02 DebianCVE-2024-3248: xpdf - In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infini...↗2024