CVE-2020-24996
First published: Thu Sep 03 2020(Updated: )
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | =4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-24996?
CVE-2020-24996 is a vulnerability in Xpdf 4.0.2 that allows a remote attacker to cause a Denial of Service or possibly have other unspecified impact.
How severe is CVE-2020-24996?
CVE-2020-24996 has a severity rating of 7.8 (high).
How can CVE-2020-24996 be exploited?
CVE-2020-24996 can be exploited by sending a crafted PDF file to the pdftohtml binary.
What is the affected software version of CVE-2020-24996?
CVE-2020-24996 affects Xpdf 4.0.2.
Is there a fix for CVE-2020-24996?
There is currently no available fix for CVE-2020-24996. It is recommended to update to a newer version of Xpdf when a fix becomes available.
- collector/nvd-index
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.0.2