CVE-2024-7868

Aug. 15, 2024, 9:15 p.m.

None
No Score

Description

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

Product(s) Impacted

Product Versions
Xpdf
  • ['4.05 and earlier']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References

https://www.xpdfreader.com/security-bug/CVE-2024-7868.html

Tags

xpdf@xpdfreader.com
CWE-908
2024-08-15
CVE-2024-7868

Timeline

Published: Aug. 15, 2024, 9:15 p.m.
Last Modified: Aug. 15, 2024, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

xpdf@xpdfreader.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.