Bug 1198874 - (CVE-2022-27135) VUL-1: CVE-2022-27135: xpdf: heap buffer overflow in the function readXRefTable located in XRef.cc
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/330002/
Reported: 2022-04-26 08:47 UTC by Hu
Modified: 2022-04-26 08:50 UTC (History)
Found By: Security Response Team
Description Hu 2022-04-26 08:47:21 UTC
CVE-2022-27135

xpdf 4.03 has a heap buffer overflow in the function readXRefTable located in
XRef.cc. An attacker can exploit this bug to cause a Denial of Service
(Segmentation fault) or other unspecified effects by sending a crafted PDF file
to the pdftoppm binary.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27135
https://github.com/verf1sh/Poc/blob/master/poc_ppm
https://github.com/verf1sh/Poc/blob/master/pic_ppm.png
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232
Comment 1 Hu 2022-04-26 08:48:38 UTC
Closing, not affected:
- SUSE:SLE-11:Update/xpdf 3.02