2279470 – (CVE-2024-4568) CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion

Bug 2279470 (CVE-2024-4568) - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion

Summary: CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion

Keywords:
Status:	NEW
Alias:	CVE-2024-4568
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2279471 2279472 2279473
Blocks:	2279474
TreeView+	depends on / blocked

Reported:	2024-05-07 06:15 UTC by Rohit Keshri
Modified:	2024-05-14 20:33 UTC (History)
CC List:	0 users
Fixed In Version:	xpdf 4.06
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Xpdf. A PDF object loop in the PDF resources can lead to infinite recursion and a stack overflow, resulting in an application crash.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Rohit Keshri 2024-05-07 06:15:32 UTC

In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.

https://www.xpdfreader.com/security-bug/object-loops.html

Comment 1 Rohit Keshri 2024-05-07 06:17:13 UTC

Created xpdf tracking bugs for this issue:

Affects: epel-7 [bug 2279471]
Affects: epel-8 [bug 2279472]
Affects: fedora-all [bug 2279473]

Note You need to log in before you can comment on or make changes to this bug.