Summary: | app-text/xpdf: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | bircoph, maintainer-needed |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185 | ||
Whiteboard: | B2 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-11-14 22:27:27 UTC
CVE-2023-2662 (https://forum.xpdfreader.com/viewtopic.php?t=42505): In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. (In reply to John Helmert III from comment #0) > CVE-2021-40226: > > xpdfreader 4.03 is vulnerable to Buffer Overflow. > > Another famous "fixed in next release", but from over a year ago. Did > this get a fix? Looks like it from the 4.04 changes list: "Added a missing bounds check on stream DecodeParms arrays." |