Vulnerability Details CVE-2022-27135
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.2%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
- https://github.com/verf1sh/Poc/blob/master/pic_ppm.png
- https://github.com/verf1sh/Poc/blob/master/poc_ppm
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
- https://github.com/verf1sh/Poc/blob/master/pic_ppm.png
- https://github.com/verf1sh/Poc/blob/master/poc_ppm
Products affected by CVE-2022-27135
-
cpe:2.3:a:xpdfreader:xpdf:4.03