History: Aug 15, 2024 - 8:15 p.m.

CVE-2024-7866

2024-08-15 20:15:18
CWE-674
GandC
web.nvd.nist.gov
27
xpdf 4.05
pdf object loop
pattern resource
stack overflow

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS4: 2.1

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score: 6.5
Confidence: High

EPSS: 0
Percentile: 13.3%

In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.

Affected configurations

Nvd
Node: xpdfreader xpdf, Range 4.05

Vendor | Product | Version | CPE
xpdfreader | xpdf | * | cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Xpdf",
    "vendor": "Xpdf",
    "versions": [
      {
        "lessThanOrEqual": "4.05",
        "status": "affected",
        "version": "0",
        "versionType": "Version"
      }
    ]
  }
]
