There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HXpdfreader Xpdf
APPXpdfreader4.04
Powiązane podatności
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-...
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted ...
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg()...
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc fi...