3.3
CVE-2023-3436
- EPSS 0.02%
- Veröffentlicht 27.06.2023 21:15:16
- Zuletzt bearbeitet 21.11.2024 08:17:15
- Quelle xpdf@xpdfreader.com
- CVE-Watchlists
- Unerledigt
LoginXpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xpdfreader ≫ Xpdf Version4.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.028 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
| xpdf@xpdfreader.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
CWE-833 Deadlock
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.