PT-2022-24301 · Xpdf · Xpdf

Name of the Vulnerable Software and Affected Versions: XPDF affected versions not specified Description: A heap-buffer overflow issue was discovered in XPDF via the getChar function in DCTStream at /xpdf/Stream.cc. Recommendations: At the moment, there is no information about a newer version that...

security flaw

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...