An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xpdf | Xpdfreader | 4.04 (including) | 4.04 (including) |
| Ipe | Ubuntu | bionic | * |
| Ipe | Ubuntu | focal | * |
| Ipe | Ubuntu | kinetic | * |
| Ipe | Ubuntu | lunar | * |
| Ipe | Ubuntu | mantic | * |
| Ipe | Ubuntu | oracular | * |
| Ipe | Ubuntu | plucky | * |
| Ipe | Ubuntu | trusty | * |
| Ipe | Ubuntu | xenial | * |
| Xpdf | Ubuntu | trusty | * |
| Xpdf | Ubuntu | xenial | * |
Potential Mitigations
References
- https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344
- https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421
- https://forum.xpdfreader.com/viewtopic.php?f=1\u0026t=42344
- https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=42325\u0026sid=7b08ba9a518a99ce3c5ff40e53fc6421