Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-7867

HistoryAug 15, 2024 - 8:15 p.m.

CVE-2024-7867

2024-08-1520:15:18

Debian Security Bug Tracker

security-tracker.debian.org

xpdf

integer overflow

divide-by-zero

vulnerability

unix

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

2.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

7.5

Confidence

High

EPSS

Percentile

13.4%

JSON

In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.

OSVersionArchitecturePackageVersionFilename
Debian12allxpdf< 3.04+git20220601-1xpdf_3.04+git20220601-1_all.deb
Debian11allxpdf< 3.04+git20210103-3xpdf_3.04+git20210103-3_all.deb
Debian999allxpdf< 3.04+git20240613-1xpdf_3.04+git20240613-1_all.deb
Debian13allxpdf< 3.04+git20240613-1xpdf_3.04+git20240613-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xpdf	< 3.04+git20220601-1	xpdf_3.04+git20220601-1_all.deb
Debian	11	all	xpdf	< 3.04+git20210103-3	xpdf_3.04+git20210103-3_all.deb
Debian	999	all	xpdf	< 3.04+git20240613-1	xpdf_3.04+git20240613-1_all.deb
Debian	13	all	xpdf	< 3.04+git20240613-1	xpdf_3.04+git20240613-1_all.deb

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS4

2.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N

AI Score

7.5

Confidence

High

EPSS

Percentile

13.4%

JSON

Related for DEBIANCVE:CVE-2024-7867