Headline
CVE-2020-25725: Invalid Bug ID
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn’t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
‘CVE-2020-25725?cve=title’ is not a valid bug number nor an alias to a bug.
Please press Back and try again.
Related news
CVE-2022-24107: Xpdf Security Fixes
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.