CVE-2023-2664: Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree
First published: Thu May 11 2023(Updated: )
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
Credit: xpdf@xpdfreader.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xpdfreader Xpdf | <=4.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Xpdf vulnerability?
The vulnerability ID for this Xpdf vulnerability is CVE-2023-2664.
What is the severity rating for this Xpdf vulnerability?
The severity rating for this Xpdf vulnerability is medium with a CVSS score of 5.5.
What is the affected software for this Xpdf vulnerability?
The affected software for this Xpdf vulnerability is Xpdfreader Xpdf version 4.04 and earlier.
What is the impact of this Xpdf vulnerability?
This Xpdf vulnerability can lead to infinite recursion and a stack overflow.
Is there a fix available for this Xpdf vulnerability?
Yes, updating to a version later than 4.04 will fix this Xpdf vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.04