Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 908037 (CVE-2023-3044)

Summary: app-text/xpdf: divide by zero vulnerability
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: bircoph, maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-08 04:29:25 UTC 
CVE-2023-3044 (https://www.xpdfreader.com/security-bug/CVE-2023-3044.html):

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.




This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.



"This will be fixed in Xpdf 4.05."