Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-3044

Published: 02/06/2023 Updated: 13/06/2023
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Xpdfreader

Vulnerability Summary

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

Vulnerable Product Search on Vulmon Subscribe to Product

xpdfreader xpdf

Github Repositories

https://github.com/baker221/poc-xpdf

Environment AFL++ Docker image Image ID: d9c8ce54bc97 xpdf404 Input /pdftotext id Crash Syntax Warning: May not be a PDF file (continuing anyway) Syntax Error: Couldn't read xref table Syntax Warning: PDF file is damaged - attempting to reconstruct xref table Syntax Error (1298): Dictionary key must be a name object Syntax Erro

References

CWE-369https://www.xpdfreader.com/security-bug/CVE-2023-3044.htmlhttps://github.com/baker221/poc-xpdfhttps://nvd.nist.govhttps://github.com/baker221/poc-xpdf
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook