| Summary: | app-text/xpdf: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | ||
| Severity: | normal | CC: | bircoph, maintainer-needed |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185 | ||
| Whiteboard: | B2 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2022-11-14 22:27:27 UTC
CVE-2023-2662 (https://forum.xpdfreader.com/viewtopic.php?t=42505): In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. (In reply to John Helmert III from comment #0) > CVE-2021-40226: > > xpdfreader 4.03 is vulnerable to Buffer Overflow. > > Another famous "fixed in next release", but from over a year ago. Did > this get a fix? Looks like it from the 4.04 changes list: "Added a missing bounds check on stream DecodeParms arrays." |