Lucene search
HistoryMay 11, 2023 - 9:15 p.m.
CVE-2023-2663
xpdf
pdf
object
loop
stack overflow
security vulnerability
cve-2023-2663
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
Affected configurations
Node
xpdfreaderxpdfRangeβ€4.04
| CPE | Name | Operator | Version |
|---|---|---|---|
| xpdfreader:xpdf | xpdfreader xpdf | le | 4.04 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Xpdf",
"vendor": "Xpdf",
"versions": [
{
"status": "affected",
"version": "4.04"
}
]
}
]Related
alpinelinux
alpinelinux
CVE-2023-2663
2023-05-11 21:15:10
cvelist
cvelist
nvd
nvd
CVE-2023-2663
2023-05-11 21:15:10
CVE-2023-31554
2023-05-10 16:15:12
veracode
veracode
Stack Overflow
2024-04-10 22:05:44
ubuntucve
ubuntucve
CVE-2023-2663
2023-05-11 00:00:00
prion
prion
Stack overflow
2023-05-11 21:15:00
CVE-2023-31554
2023-05-10 16:15:00
debiancve
debiancve
CVE-2023-2663
2023-05-11 21:15:10
CVE-2023-31554
2023-05-10 16:15:00
cve
cve
CVE-2023-31554
2023-05-10 16:15:12
openvas
openvas
Slackware: Security Advisory (SSA:2024-040-01)
2024-02-12 00:00:00
Mageia: Security Advisory (MGASA-2024-0035)
2024-02-12 00:00:00
slackware
slackware
[slackware-security] xpdf
2024-02-09 21:51:14
nessus
nessus
mageia
mageia
Updated xpdf packages fix security vulnerabilities
2024-02-10 22:02:27
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%
Related for CVE-2023-2663