Headline
CVE-2020-23877: Stack-buffer-overflow-XRef-getObjectStream · Issue #15 · kermitt2/pdf2xml
pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.
Related news
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.
A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).
pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.
pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.
TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.