Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xpdf | Xpdfreader | 4.00 (including) | 4.00 (including) |
| Ipe | Ubuntu | artful | * |
| Ipe | Ubuntu | bionic | * |
| Ipe | Ubuntu | cosmic | * |
| Ipe | Ubuntu | disco | * |
| Ipe | Ubuntu | eoan | * |
| Ipe | Ubuntu | focal | * |
| Ipe | Ubuntu | groovy | * |
| Ipe | Ubuntu | hirsute | * |
| Ipe | Ubuntu | impish | * |
| Ipe | Ubuntu | kinetic | * |
| Ipe | Ubuntu | lunar | * |
| Ipe | Ubuntu | mantic | * |
| Ipe | Ubuntu | oracular | * |
| Ipe | Ubuntu | plucky | * |
| Ipe | Ubuntu | trusty | * |
| Ipe | Ubuntu | xenial | * |
| Libextractor | Ubuntu | artful | * |
| Libextractor | Ubuntu | cosmic | * |
| Libextractor | Ubuntu | disco | * |
| Libextractor | Ubuntu | eoan | * |
| Libextractor | Ubuntu | groovy | * |
| Libextractor | Ubuntu | hirsute | * |
| Libextractor | Ubuntu | impish | * |
| Libextractor | Ubuntu | trusty | * |
| Libextractor | Ubuntu | xenial | * |
| Xpdf | Ubuntu | artful | * |
| Xpdf | Ubuntu | bionic | * |
| Xpdf | Ubuntu | cosmic | * |
| Xpdf | Ubuntu | devel | * |
| Xpdf | Ubuntu | disco | * |
| Xpdf | Ubuntu | eoan | * |
| Xpdf | Ubuntu | esm-apps/bionic | * |
| Xpdf | Ubuntu | esm-apps/jammy | * |
| Xpdf | Ubuntu | esm-apps/noble | * |
| Xpdf | Ubuntu | esm-apps/xenial | * |
| Xpdf | Ubuntu | hirsute | * |
| Xpdf | Ubuntu | impish | * |
| Xpdf | Ubuntu | jammy | * |
| Xpdf | Ubuntu | kinetic | * |
| Xpdf | Ubuntu | lunar | * |
| Xpdf | Ubuntu | mantic | * |
| Xpdf | Ubuntu | noble | * |
| Xpdf | Ubuntu | oracular | * |
| Xpdf | Ubuntu | plucky | * |
| Xpdf | Ubuntu | questing | * |
| Xpdf | Ubuntu | trusty | * |
| Xpdf | Ubuntu | xenial | * |