CVE-2023-26930

Exploit

EPSS 0.03%
Veröffentlicht 26.04.2023 19:15:08
Zuletzt bearbeitet 21.11.2024 07:52:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xpdfreader ≫ Xpdf Version4.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.079

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34

Third Party Advisory

https://github.com/huanglei3/xpdf_aborted

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-26930

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-26930

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-26930

EUVD