Xpdfreader: >> Xpdf >> 4.0.4 Security Vulnerabilities
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVSS Score
7.8
EPSS Score
0.021
Published
2022-05-09