VYPR
Unrated severityNVD Advisory· Published May 9, 2022· Updated Aug 3, 2024

CVE-2022-30524

CVE-2022-30524

Description

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Affected products

2
  • Xpdf/Xpdfcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 4.0.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.