Headline
CVE-2022-38928: null pointer dereference caused by no-check malloc pointer
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
Post Reply
- Print view
Advanced search
3 posts • Page 1 of 1
cyth
Posts: 2
Joined: Sat Aug 20, 2022 9:49 am
null pointer dereference caused by no-check malloc pointer
- Quote
Post by cyth » Sat Aug 20, 2022 10:03 am
Hello.
I find a npd bug in xpdf 4.04 in FoFiType1C.cc:2393, it may caused by WebFont.cc:198 ( a no-check pointer).
It can be triggered by a crafted file in attachment by using pdftohtml.
Attachments
npd_poc.zip
(11.43 KiB) Downloaded 12 times
Top
derekn
Posts: 797
Joined: Wed Apr 05, 2017 6:57 pm
Re: null pointer dereference caused by no-check malloc pointer
- Quote
Post by derekn » Tue Aug 23, 2022 6:49 pm
I’ll have that fixed in the next release.
Thanks for the bug report.
Top
cyth
Posts: 2
Joined: Sat Aug 20, 2022 9:49 am
Re: null pointer dereference caused by no-check malloc pointer
- Quote
Post by cyth » Thu Aug 25, 2022 2:53 am
Thanks for your confirmation.
Top
Post Reply
- Print view
Display: Sort by: Direction:
3 posts • Page 1 of 1
Return to “Xpdf open source”
Jump to
- XpdfReader
- Xpdf open source
Related news
Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.