In Xpdf 4.05 (and earlier), invalid header info in a DCT ... · CVE-2024-7868 · GitHub Advisory Database · GitHub

In Xpdf 4.05 (and earlier), invalid header info in a DCT ...

Low severity Unreviewed Published Aug 15, 2024 to the GitHub Advisory Database • Updated Sep 11, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

References

Published by the National Vulnerability Database

Aug 15, 2024

Published to the GitHub Advisory Database Aug 15, 2024

Last updated Sep 11, 2024

Severity

Low

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity High

Attack Requirements None

Privileges Required None

User interaction None

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability Low

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X