VYPR
Unrated severityNVD Advisory· Published Nov 21, 2020· Updated Aug 4, 2024

CVE-2020-25725

CVE-2020-25725

Description

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xpdf/Xpdfllm-fuzzy
    Range: =4.02
  • Glyph & Cog/xpdfv5
    Range: 4.02

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.