Products
Xpdf
- 4.05 and earlier
Source
xpdf@xpdfreader.com
Tags
CVE-2024-7868 details
Published : Aug. 15, 2024, 9:15 p.m.
Last Modified : Aug. 15, 2024, 9:15 p.m.
Last Modified : Aug. 15, 2024, 9:15 p.m.
Description
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-908 | Use of Uninitialized Resource | The product uses or accesses a resource that has not been initialized. |
References
| URL | Source |
|---|---|
| https://www.xpdfreader.com/security-bug/CVE-2024-7868.html | xpdf@xpdfreader.com |
This website uses the NVD API, but is not approved or certified by it.