CVE-2024-3900

Severity
5.5 MEDIUM
EPSS
0.0%
top 95.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 17

Description

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by a long Unicode sequence in ActualText.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.4 | Impact: 1.4

Affected Packages: 2 packages

CVEListV5: xpdf/xpdf 4.05
NVD: xpdfreader/xpdf 4.05

Vulnerability Details

3
CVEList
Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check (2024-04-17)
OSV
CVE-2024-3900: Out-of-bounds array write in Xpdf 4 (2024-04-17)
GHSA
GHSA-4m7h-g5g8-jphw: Out-of-bounds array write in Xpdf 4 (2024-04-17)

Vendor Advisories

1
Red Hat
xpdf: out-of-bounds array write (2024-04-17)
CVE-2024-3900 (MEDIUM CVSS 5.5) | Out-of-bounds array write in Xpdf 4 | cvebase.io