← volver
CVE-2024-7868

Uninitialized variable in Xpdf 4.05 due to invalid JPEG header

CVSS 2.1 LOWEPSS 0.4%CWE-457
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Productos afectados
Xpdf · Xpdf

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.xpdfreader.com/security-bug/CVE-2024-7868.html