** DISPUTED ** Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
References
Link | Resource |
---|---|
https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34 | Third Party Advisory |
https://github.com/huanglei3/xpdf_aborted | Exploit |
Configurations
History
02 Jun 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” |
03 May 2023, 16:49
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/huanglei3/xpdf_aborted - Exploit | |
References | (MISC) https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34 - Third Party Advisory | |
CWE | CWE-120 | |
CPE | cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
26 Apr 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-26 19:15
Updated : 2024-08-02 12:16
NVD link : CVE-2023-26930
Mitre link : CVE-2023-26930
CVE.ORG link : CVE-2023-26930
JSON object : View
Products Affected
xpdfreader
- xpdf
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')