SB2023032424 - Multiple vulnerabilities in xpdf
Published: March 24, 2023 Updated: March 24, 2023
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Uncontrolled Recursion (CVE-ID: CVE-2019-16088)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in PDF objects. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Out-of-bounds write (CVE-ID: CVE-2022-33108)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the Object::Copy class of object.cc files. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Input validation error (CVE-ID: CVE-2022-36561)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a segmentation violation in the component /xpdf/AcroForm.cc:538. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Uncontrolled Recursion (CVE-ID: CVE-2022-38334)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in the function Catalog::countPageTree() at Catalog.cc. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
5) Resource exhaustion (CVE-ID: CVE-2022-41842)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
6) Resource exhaustion (CVE-ID: CVE-2022-41844)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2022-41843)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in convertToType0 in fofi/FoFiType1C.cc. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
8) Use-after-free (CVE-ID: CVE-2022-38222)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error in JBIG2Stream::close() located in JBIG2Stream.cc. A remote attacker can execute arbitrary code on the system.
9) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-30775)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the affected application allocates excessive memory when presented with crafted input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2022-38928)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error in FoFiType1C.cc:2393. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
11) Out-of-bounds write (CVE-ID: CVE-2022-30524)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the TextLine class in TextOutputDev.cc. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387
- http://www.xpdfreader.com/security-fixes.html#5.00
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42286
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42287
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42314&p=43872
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42122
- http://www.xpdfreader.com/download.html
- https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421
- https://forum.xpdfreader.com/viewtopic.php?f=1&t=42344
- http://www.xpdfreader.com/security-fixes.html#4.05
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=42261