CVE-2023-26930

** DISPUTED ** Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
Configurations

Configuration 1 (hide)

cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*

History

02 Jun 2023, 14:15

Type Values Removed Values Added
Summary Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. ** DISPUTED ** Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”

03 May 2023, 16:49

Type Values Removed Values Added
References (MISC) https://github.com/huanglei3/xpdf_aborted - (MISC) https://github.com/huanglei3/xpdf_aborted - Exploit
References (MISC) https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34 - (MISC) https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34 - Third Party Advisory
CWE CWE-120
CPE cpe:2.3:a:xpdfreader:xpdf:4.04:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5

26 Apr 2023, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-26 19:15

Updated : 2024-08-02 12:16


NVD link : CVE-2023-26930

Mitre link : CVE-2023-26930

CVE.ORG link : CVE-2023-26930


JSON object : View

Products Affected

xpdfreader

  • xpdf
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')