XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
Weakness
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xpdf | Xpdfreader | * | 4.04 (including) |
| Ipe | Ubuntu | bionic | * |
| Ipe | Ubuntu | focal | * |
| Ipe | Ubuntu | kinetic | * |
| Ipe | Ubuntu | lunar | * |
| Ipe | Ubuntu | mantic | * |
| Ipe | Ubuntu | oracular | * |
| Ipe | Ubuntu | plucky | * |
| Ipe | Ubuntu | trusty | * |
| Ipe | Ubuntu | xenial | * |
| Xpdf | Ubuntu | trusty | * |
| Xpdf | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122
- https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872
- https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42122
- https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42314\u0026p=43872