CVE-2022-30775

Published: May 16, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

Affected (1)

Products: Xpdfreader: Xpdf

Xpdfreader

1 product

Xpdf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xpdfreader Xpdf	Version 4.04

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264

Source: cve@mitre.org

ExploitVendor Advisory

https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.