CVE-2023-26930

Published: Apr 26, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”

Affected (1)

Products: Xpdfreader: Xpdf

Xpdfreader

1 product

Xpdf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xpdfreader Xpdf	Version 4.04

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34

Source: cve@mitre.org

Third Party Advisory

https://github.com/huanglei3/xpdf_aborted

Source: cve@mitre.org

Exploit

https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/huanglei3/xpdf_aborted

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.