An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xpdf | Xpdfreader | 4.00 (including) | 4.00 (including) |
| Ipe | Ubuntu | artful | * |
| Ipe | Ubuntu | bionic | * |
| Ipe | Ubuntu | cosmic | * |
| Ipe | Ubuntu | disco | * |
| Ipe | Ubuntu | eoan | * |
| Ipe | Ubuntu | focal | * |
| Ipe | Ubuntu | groovy | * |
| Ipe | Ubuntu | hirsute | * |
| Ipe | Ubuntu | impish | * |
| Ipe | Ubuntu | kinetic | * |
| Ipe | Ubuntu | lunar | * |
| Ipe | Ubuntu | mantic | * |
| Ipe | Ubuntu | oracular | * |
| Ipe | Ubuntu | plucky | * |
| Ipe | Ubuntu | trusty | * |
| Ipe | Ubuntu | xenial | * |
| Libextractor | Ubuntu | artful | * |
| Libextractor | Ubuntu | cosmic | * |
| Libextractor | Ubuntu | disco | * |
| Libextractor | Ubuntu | eoan | * |
| Libextractor | Ubuntu | groovy | * |
| Libextractor | Ubuntu | hirsute | * |
| Libextractor | Ubuntu | impish | * |
| Libextractor | Ubuntu | trusty | * |
| Libextractor | Ubuntu | xenial | * |
| Xpdf | Ubuntu | artful | * |
| Xpdf | Ubuntu | bionic | * |
| Xpdf | Ubuntu | cosmic | * |
| Xpdf | Ubuntu | devel | * |
| Xpdf | Ubuntu | disco | * |
| Xpdf | Ubuntu | eoan | * |
| Xpdf | Ubuntu | esm-apps/bionic | * |
| Xpdf | Ubuntu | esm-apps/jammy | * |
| Xpdf | Ubuntu | esm-apps/noble | * |
| Xpdf | Ubuntu | esm-apps/xenial | * |
| Xpdf | Ubuntu | hirsute | * |
| Xpdf | Ubuntu | impish | * |
| Xpdf | Ubuntu | jammy | * |
| Xpdf | Ubuntu | kinetic | * |
| Xpdf | Ubuntu | lunar | * |
| Xpdf | Ubuntu | mantic | * |
| Xpdf | Ubuntu | noble | * |
| Xpdf | Ubuntu | oracular | * |
| Xpdf | Ubuntu | plucky | * |
| Xpdf | Ubuntu | questing | * |
| Xpdf | Ubuntu | trusty | * |
| Xpdf | Ubuntu | xenial | * |