CVE-2024-7867
Published: 08/15/2024 20:15:18
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
MEDIUM
CVSS v3: 6.2
CVSS v3: 6.2
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | xpdf (4.05) | Not Affected | Code Not Reachable | The issue is in a PSOutputDev (PostScript Output Device) class that is not used by Document Filters. This CVE was found with the ‘pdftops’ application, which does use this class. Processing the proof-of-concept file for this CVE with Document Filters confirms that Document Filters is not affected. |
| 24.4 | xpdf (4.05) | Not Affected | Code Not Reachable | The issue is in a PSOutputDev (PostScript Output Device) class that is not used by Document Filters. This CVE was found with the ‘pdftops’ application, which does use this class. Processing the proof-of-concept file for this CVE with Document Filters confirms that Document Filters is not affected. |
| 24.4.0 | xpdf (4.05) | Not Affected | Code Not Reachable | The issue is in a PSOutputDev (PostScript Output Device) class that is not used by Document Filters. This CVE was found with the ‘pdftops’ application, which does use this class. Processing the proof-of-concept file for this CVE with Document Filters confirms that Document Filters is not affected. |
| 24.3 | xpdf (4.05) | Needs Triage | ||
| 24.2.1 | xpdf (4.05) | Needs Triage | ||
| 24.2 | xpdf (4.05) | Needs Triage | ||
| 24.1 | xpdf (3.02) | Needs Triage | ||
| 23.3 | xpdf (3.02) | Needs Triage | ||
| 23.2.1 | xpdf (3.02) | Needs Triage | ||
| 23.2 | xpdf (3.02) | Needs Triage | ||
| 23.1 | xpdf (3.02) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
6.2
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version
3.1