xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kde kpdf |
||
xpdf xpdf 3.0_pl3 |
||
xpdf xpdf 3.0 |
||
xpdf xpdf 3.0_pl2 |