Vulnerability Details CVE-2024-7868
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.3%
CVSS Severity
CVSS v3 Score 8.2
Products affected by CVE-2024-7868
-
cpe:2.3:a:xpdfreader:xpdf:0.2
-
cpe:2.3:a:xpdfreader:xpdf:0.3
-
cpe:2.3:a:xpdfreader:xpdf:0.4
-
cpe:2.3:a:xpdfreader:xpdf:0.5
-
cpe:2.3:a:xpdfreader:xpdf:0.6
-
cpe:2.3:a:xpdfreader:xpdf:0.7
-
cpe:2.3:a:xpdfreader:xpdf:0.7a
-
cpe:2.3:a:xpdfreader:xpdf:0.80
-
cpe:2.3:a:xpdfreader:xpdf:0.90
-
cpe:2.3:a:xpdfreader:xpdf:0.91
-
cpe:2.3:a:xpdfreader:xpdf:0.91a
-
cpe:2.3:a:xpdfreader:xpdf:0.91b
-
cpe:2.3:a:xpdfreader:xpdf:0.91c
-
cpe:2.3:a:xpdfreader:xpdf:0.92
-
cpe:2.3:a:xpdfreader:xpdf:0.92a
-
cpe:2.3:a:xpdfreader:xpdf:0.92b
-
cpe:2.3:a:xpdfreader:xpdf:0.92c
-
cpe:2.3:a:xpdfreader:xpdf:0.92d
-
cpe:2.3:a:xpdfreader:xpdf:0.92e
-
cpe:2.3:a:xpdfreader:xpdf:0.93
-
cpe:2.3:a:xpdfreader:xpdf:0.93a
-
cpe:2.3:a:xpdfreader:xpdf:1.00
-
cpe:2.3:a:xpdfreader:xpdf:1.01
-
cpe:2.3:a:xpdfreader:xpdf:2.00
-
cpe:2.3:a:xpdfreader:xpdf:2.01
-
cpe:2.3:a:xpdfreader:xpdf:2.02
-
cpe:2.3:a:xpdfreader:xpdf:2.03
-
cpe:2.3:a:xpdfreader:xpdf:3.00
-
cpe:2.3:a:xpdfreader:xpdf:3.01
-
cpe:2.3:a:xpdfreader:xpdf:3.02
-
cpe:2.3:a:xpdfreader:xpdf:3.03
-
cpe:2.3:a:xpdfreader:xpdf:3.03-17
-
cpe:2.3:a:xpdfreader:xpdf:3.04
-
cpe:2.3:a:xpdfreader:xpdf:3.04-13
-
cpe:2.3:a:xpdfreader:xpdf:3.04-4
-
cpe:2.3:a:xpdfreader:xpdf:4.0.0
-
cpe:2.3:a:xpdfreader:xpdf:4.0.1
-
cpe:2.3:a:xpdfreader:xpdf:4.0.2
-
cpe:2.3:a:xpdfreader:xpdf:4.00
-
cpe:2.3:a:xpdfreader:xpdf:4.01
-
cpe:2.3:a:xpdfreader:xpdf:4.01.01
-
cpe:2.3:a:xpdfreader:xpdf:4.02
-
cpe:2.3:a:xpdfreader:xpdf:4.03
-
cpe:2.3:a:xpdfreader:xpdf:4.04
-
cpe:2.3:a:xpdfreader:xpdf:4.05