N/A

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

N/A

N/A

Xpdf 缓冲区错误漏洞

Xpdf是FOO实验室的一款开源的PDF阅读器。该产品支持解码LZW压缩格式的文件以及阅读加密的PDF文件。 Xpdf 4.0.4版本存在安全漏洞，该漏洞源于TextOutputDev.cc的TextLine类中存在无效的内存访问。攻击者利用该漏洞把特制的pdf文件发送到pdftotext二进制文件，从而导致拒绝服务（分段错误）或其他影响。

N/A

N/A