9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.332 Low
EPSS
Percentile
97.0%
Secunia Research reports:
Secunia Research has discovered some vulnerabilities in Xpdf,
which can be exploited by malicious people to compromise a user’s
system.
An array indexing error within the
“DCTStream::readProgressiveDataUnit()” method in xpdf/Stream.cc
can be exploited to corrupt memory via a specially crafted PDF
file.
An integer overflow error within the “DCTStream::reset()”
method in xpdf/Stream.cc can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.
A boundary error within the “CCITTFaxStream::lookChar()” method
in xpdf/Stream.cc can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a PDF file containing a
specially crafted “CCITTFaxDecode” filter.
Successful exploitation may allow execution of arbitrary code.