Lucene search
HistoryMay 11, 2023 - 9:15 p.m.
CVE-2023-2664
xpdf
pdf object loop
stack overflow
cve-2023-2664
embedded file tree
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
4.7
Confidence
High
EPSS
0
Percentile
12.7%
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
Affected configurations
Node
xpdfreaderxpdfRangeβ€4.04
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xpdfreader | xpdf | * | cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:* |
Related
prion
prion
Stack overflow
2023-05-11 21:15:00
CVE-2023-31557
2023-05-10 16:15:00
veracode
veracode
Stack Overflow
2024-04-10 22:05:44
debiancve
debiancve
CVE-2023-2664
2023-05-11 21:15:10
CVE-2023-31557
2023-05-10 16:15:00
ubuntucve
ubuntucve
CVE-2023-2664
2023-05-11 00:00:00
alpinelinux
alpinelinux
CVE-2023-2664
2023-05-11 21:15:10
CVE-2023-31557
2023-05-10 16:15:12
cvelist
cvelist
cve
cve
CVE-2023-2664
2023-05-11 21:15:10
CVE-2023-31557
2023-05-10 16:15:12
nvd
nvd
CVE-2023-31557
2023-05-10 16:15:12
openvas
openvas
Slackware: Security Advisory (SSA:2024-040-01)
2024-02-12 00:00:00
Mageia: Security Advisory (MGASA-2024-0035)
2024-02-12 00:00:00
slackware
slackware
[slackware-security] xpdf
2024-02-09 21:51:14
nessus
nessus
GLSA-202409-25 : Xpdf: Multiple Vulnerabilities
2024-09-25 00:00:00
mageia
mageia
Updated xpdf packages fix security vulnerabilities
2024-02-10 22:02:27
gentoo
gentoo
Xpdf: Multiple Vulnerabilities
2024-09-25 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
4.7
Confidence
High
EPSS
0
Percentile
12.7%
Related for NVD:CVE-2023-2664