There is an invalid memory access in the TextLine class...
High severity
Unreviewed
Published
May 10, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
May 9, 2022
Published to the GitHub Advisory Database
May 10, 2022
Last updated
Feb 1, 2023
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References