CVE-2024-7868

Aug. 15, 2024, 9:15 p.m.

Tags

xpdf@xpdfreader.com
CWE-908
2024-08-15
CVE-2024-7868

Product(s) Impacted

Xpdf

  • 4.05 and earlier

Description

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

Weaknesses

CWE-908
Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

CWE ID: 908

Date

Published: Aug. 15, 2024, 9:15 p.m.

Last Modified: Aug. 15, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

xpdf@xpdfreader.com

References

https://www.xpdfreader.com/security-bug/CVE-2024-7868.html
xpdf@xpdfreader.com