The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file.

Summary

Zyxel is aware of multiple vulnerabilities reported by our security consultancy partner, SEC Consult, and advises users to install the applicable firmware updates for optimal protection.

 

What are the vulnerabilities?

There are eight vulnerabilities, identified as follows.

1.  Multiple buffer overflow vulnerabilities were discovered in the web server of the affected devices.
2.  The CGI program lacks a proper permission control mechanism, which could allow an attacker to read sensitive files on the devices.
3.  Insufficiently protected credentials in the configuration file of the devices could allow an attacker to retrieve the passwords.
4.  Command injection vulnerabilities were found in the diagnostic tool and the certificate upload interface of the devices.
5.  Access control vulnerabilities in the devices could allow a less privileged user to access functionality of a more privileged role.
6.  The improper symbolic links processing vulnerability in the FTP server could allow an attacker to get read access to the root file system.
7.  A security flaw was found in API of the devices that could be abused without authentication in order to obtain a new session key.
8.  A cross-site scripting vulnerability was identified in the printer name field of the print server menu within the web interface of the devices.

 

What versions are vulnerable-and what should you do?

After a thorough investigation, we’ve identified the affected products that are within their warranty and support period, as shown in the link here. If a product is not listed, it is not affected or has reached end-of-life. We encourage users to install the applicable updates for optimal protection.

Please note that the table in the link provided does NOT include customized models for internet service providers (ISPs).

If you are an ISP, please contact your Zyxel sales or service representative for further details.

If you are an end-user who received your Zyxel device from an ISP, please reach out to the ISP’s support team directly, as the device may have custom-built settings.

If you are an end-user who purchased your Zyxel device yourself, please contact your local Zyxel support team or visit our forum for further assistance.

 

Got a question?

Please contact your local service rep or visit Zyxel’s forum for further information or assistance.

 

Acknowledgment

Thanks to SEC Consult for reporting the issues to us.

 

Revision history

2022-2-15: Initial release

CVE-2023-28770: Zyxel security advisory for multiple vulnerabilities | Zyxel Networks

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.

\[09:43:36\] Starting 'watch-extension:vscode-api-tests' ...

\[09:43:36\] Finished 'clean-extension:typescript-language-features' after 248 ms

\[09:43:36\] Starting 'watch-extension:typescript-language-features' ...

\[09:43:36\] Finished 'clean-extension:php-language-features' after 384 ms

\[09:43:36\] Starting 'watch-extension:php-language-features' ...

\[09:43:40\] Finished 'clean-extension:html-language-features-server' after 4.66 s

\[09:43:40\] Starting 'watch-extension:html-language-features-server' ...

\[09:43:43\] Finished 'clean-client' after 7.33 s

\[09:43:43\] Starting 'watch-client' ...

CVE-2023-30280: GitHub: Let’s build from here

Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.

**Crash Inputs**

Here is the crash file that trigger the error

cmix\_asan\_crash\_mem\_overlap.zip

**Bug Description:**

When executing cmix (new release version) with the file inputs and parameter "-n", the ASan (Memory Sanitizer ) instrumented program terminates with Nonfatal Error shown below.

    ==102390==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x619000041c63,0x619000041c67) and [0x619000041c64, 0x619000041c68) overlap
        #0 0x4ca038 in __asan_memcpy (/cmix/cmix_asan+0x4ca038)
        #1 0x656a09 in paq8::FrenchStemmer::ConvertUTF8(paq8::Word*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:2502:11
        #2 0x65569b in paq8::FrenchStemmer::Stem(paq8::Word*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:2782:5
        #3 0x558c65 in paq8::TextModel::Update(paq8::Buf&, paq8::ModelStats*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3258:28
        #4 0x63978b in paq8::TextModel::Predict(paq8::Mixer&, paq8::Buf&, paq8::ModelStats*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3160:7
        #5 0x615679 in paq8::contextModel2(paq8::ModelStats*) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:8183:13
        #6 0x61867b in paq8::Predictor::update() /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:8277:11
        #7 0x6c0d24 in Predictor::Perceive(int) /data/Deter-Study/temp/benchmark/crash/cmix/src/predictor.cpp:394:12
        #8 0x4fed5c in Encoder::Encode(int) /data/Deter-Study/temp/benchmark/crash/cmix/src/coder/encoder.cpp:23:7
        #9 0x6ef0d0 in Compress(unsigned long long, std::basic_ifstream<char, std::char_traits<char> >*, std::basic_ofstream<char, std::char_traits<char> >*, unsigned long long*, Predictor*) /data/Deter-Study/temp/benchmark/crash/cmix/src/runner.cpp:106:9
        #10 0x6f06d3 in RunCompression(bool, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, _IO_FILE*, unsigned long long*, unsigned long long*) /data/Deter-Study/temp/benchmark/crash/cmix/src/runner.cpp:203:3
        #11 0x6f3b13 in main /data/Deter-Study/temp/benchmark/crash/cmix/src/runner.cpp:298:10
        #12 0x7f0cc1be9c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
        #13 0x41f819 in _start (/cmix/cmix_asan+0x41f819)
    
    0x619000041c63 is located 483 bytes inside of 960-byte region [0x619000041a80,0x619000041e40)
    allocated by thread T0 here:
        #0 0x4cb3ba in calloc (/cmix/cmix_asan+0x4cb3ba)
        #1 0x654691 in paq8::Array<paq8::Word, 0>::create(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:118:16
        #2 0x654691 in paq8::Array<paq8::Word, 0>::Array(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:76
        #3 0x654691 in paq8::Cache<paq8::Word, 8u>::Cache() /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3013
    
    0x619000041c64 is located 484 bytes inside of 960-byte region [0x619000041a80,0x619000041e40)
    allocated by thread T0 here:
        #0 0x4cb3ba in calloc (/cmix/cmix_asan+0x4cb3ba)
        #1 0x654691 in paq8::Array<paq8::Word, 0>::create(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:118:16
        #2 0x654691 in paq8::Array<paq8::Word, 0>::Array(unsigned int) /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:76
        #3 0x654691 in paq8::Cache<paq8::Word, 8u>::Cache() /data/Deter-Study/temp/benchmark/crash/cmix/src/models/paq8.cpp:3013
    
    SUMMARY: AddressSanitizer: memcpy-param-overlap (/cmix/cmix_asan+0x4ca038) in __asan_memcpy
    

**Step to reproduce**

*   download the cmix from github and build it with ASAN
*   Execute cmix with provide files and given parameters "-n".

CVE-2023-29596: [BUG]: ERROR memcpy-param-overlap · Issue #54 · byronknoll/cmix

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2023-26930: GitHub - huanglei3/xpdf_aborted

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function.

CVE-2023-26931

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.

XPDF v4.04

pdftotext poc

Syntax Warning: PDF file is damaged - attempting to reconstruct xref table... Syntax Error (2711): Dictionary key must be a name object Syntax Error (2715): Dictionary key must be a name object Syntax Error (2720): Dictionary key must be a name object Syntax Error: Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (393): Illegal character <3d> in hex string Syntax Error (398): Illegal character <80> in hex string Syntax Error (399): Illegal character <67> in hex string Syntax Error (400): Illegal character <74> in hex string Syntax Error (401): Illegal character <68> in hex string Syntax Error (409): Illegal character '>' Syntax Error (172): Dictionary key must be a name object Syntax Error (393): Illegal character <3d> in hex string Syntax Error (398): Illegal character <80> in hex string Syntax Error (399): Illegal character <67> in hex string Syntax Error (400): Illegal character <74> in hex string Syntax Error (401): Illegal character <68> in hex string Syntax Error (409): Illegal character '>' Syntax Error (887): Illegal character ')' Syntax Error (1296): Illegal character ')' Syntax Error (1781): Illegal character ')' Syntax Error (2386): Dictionary key must be a name object Syntax Error (2390): Dictionary key must be a name object Syntax Error: Unterminated string Syntax Error: End of file inside dictionary Syntax Error: End of file inside array Syntax Error: End of file inside dictionary

Program received signal SIGSEGV, Segmentation fault.

(gdb) bt

#0 0x00007ffff7a989df in \_IO\_new\_file\_seekoff (fp=0x555555b81c30, offset=1446, dir=0, mode=) at fileops.c:976 #1 0x00007ffff7a967cd in \_\_fseeko (fp=0x555555b81c30, offset=offset@entry=1446, whence=whence@entry=0) at fseeko.c:40 #2 0x0000555555848c19 in gfseek (f=, offset=offset@entry=1446, whence=whence@entry=0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/goo/gfile.cc:733 #3 0x00005555557ec8c1 in SharedFile::readBlock (this=0x555555b81fd0, buf=buf@entry=0x555555b832b8 "6 0 objnt 3 0 R\\r\\n/Resources <<\\r\\n/Font <<\\r\\n/F1 9 0 R \\r\\n>>\\r\\n/ProcSet 8 0 R\\r\\n>>\\r\\n/MediaBo\\202 \[0 0 612.0000 792.0000\]\\r\\n\\r\\n7 0 obj\\r\\n<< /Length 676 >> 00000 Name /ream\\r\\n2 J\\r\\nBT\\r\\n0\\r\\n57.3750 722.2800 Td\\r\\n( Simpl"..., pos=1446, size=256) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Stream.cc:739 #4 0x00005555557ecfe8 in FileStream::fillBuf (this=this@entry=0x555555b83280) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Stream.cc:842 #5 0x0000555555813d23 in FileStream::getChar (this=0x555555b83280) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Stream.h:324 #6 0x00005555557b1153 in Object::streamGetChar (this=0x555555b833f0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.h:300 #7 Lexer::getChar (this=this@entry=0x555555b833e0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Lexer.cc:93 #8 0x00005555557b13fa in Lexer::getObj (this=0x555555b833e0, obj=obj@entry=0x555555b838e8) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Lexer.cc:125 #9 0x00005555557d078d in Parser::Parser (this=0x555555b838d0, xrefA=, lexerA=, allowStreamsA=) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Parser.cc:35 #10 0x000055555582c0e2 in XRef::fetch (this=0x555555b83990, num=6, gen=0, obj=0x7fffff7ff330, recursion=) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/XRef.cc:1231 #11 0x00005555556754a0 in Object::arrayGet (this=0x7fffff7ff320, recursion=0, obj=0x7fffff7ff330, i=1) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.h:243 #12 Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:566

CVE-2023-26935: GitHub - huanglei3/xpdf_heapoverflow

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.

CVE-2022-44232: GitHub - huanglei3/libming_crashes

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc

publicize CVE

\[CVE ID\]

CVE-2022-44232

\[the name of an affected Product\]

libming

\[the affected or fixed version(s)\]

libming 0.4.8

\> \[Affected Product Code Base\]

\> libming 0.4.8 - 0.4.8

\[Vulnerability Type\]

Buffer Overflow

\> \[Impact Denial of Service\]

\>> true

\> \[Attack Vectors\]

\> open a crafted swf file

\[DESCRIPTION\]

In libming 0.4.8 decompile.c, accessing zero page may lead to denial of service.

\[CVE ID\]

CVE-2023-26930

\[PRODUCT\]

XPDF

\[VERSION\]

XPDF 4.04

\> \[Affected Product Code Base\]

\>> XPDF 4.04

\[PROBLEM TYPE\]

Buffer Overflow

\> \[Impact Denial of Service\]

\>> true

\[DESCRIPTION\]

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.

\[CVE ID\]

CVE-2023-26931

\[ the name of an affected Product\]

XPDF

\[VERSION\]

XPDF 4.04

\[Vulnerability TYPE\]

Buffer Overflow

\[DESCRIPTION\]

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in TextOutputDev.cc.

\[CVE ID\]

CVE-2023-26934

\[PRODUCT\]

XPDF

\[VERSION\]

XPDF 4.04

\[Affected Product Code Base\]

XPDF 4.04

\[VulnerabilityType Other\]

Large or infinite loop

\[Impact Denial of Service\]

true

\[DESCRIPTION\]

An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafed pdf file in the object.cc parameter.

\[CVE ID\]

CVE-2023-26935

\[PRODUCT\]

XPDF 4.04

\[VERSION\]

4.04

\> \[Affected Product Code Base\]

\>> XPDF 4.04

\[PROBLEM TYPE\]

Buffer Overflow

\> \[Impact Denial of Service\]

\>> true

\[DESCRIPTION\]

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.

\[CVE ID\]

CVE-2023-26936

\[PRODUCT\]

XPDF

\[VERSION\]

XPDF 4.04

\> \[Affected Product Code Base\]

\>> XPDF 4.04 4.04

\[VulnerabilityType Other\]

Large or infinite loop

\> \[Impact Denial of Service\]

\>> true

\[DESCRIPTION\]

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc

\[CVE ID\]

CVE-2023-26937

\[PRODUCT\]

XPDF

\[VERSION\]

4.04

\> \[Affected Product Code Base\]

\>> XPDF 4.04 4.04

\> \[VulnerabilityType Other\]

\>> Large or infinite loop

\> \[Impact Denial of Service\]

\>> true

\[DESCRIPTION\]

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc

\[CVE ID\]

CVE-2023-26938

\[PRODUCT\]

XPDF 4.04

\[VERSION\]

XPDF 4.04

\> \[Affected Product Code Base\]

\>> XPDF 4.04

\> \[VulnerabilityType Other\]

\>> Large or infinite loop

\> \[Impact Denial of Service\]

\>> true

\[DESCRIPTION\]

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc.

CVE-2023-26936: publicize CVE

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc

XPDF v4.04 poc: https://github.com/huanglei3/xpdf\_Stack-backtracking/blob/main/gstring\_poc pdftotext gstring\_poc Syntax Error: Couldn't read xref table Syntax Warning: PDF file is damaged - attempting to reconstruct xref table... Syntax Error (2786): Dictionary key must be a name object Syntax Error (2790): Dictionary key must be a name object Syntax Error (2795): Dictionary key must be a name object Syntax Error: Dictionary key must be a name object Syntax Error: End of file inside dictionary Syntax Error (485): Illegal character <3d> in hex string Syntax Error (490): Illegal character <80> in hex string Syntax Error (491): Illegal character <67> in hex string Syntax Error (492): Illegal character <74> in hex string Syntax Error (493): Illegal character <68> in hex string Syntax Error (501): Illegal character '>' Syntax Error (49): Dictionary key must be a name object Syntax Error (54): Dictionary key must be a name object Syntax Error (60): Dictionary key must be a name object Syntax Error (65): Dictionary key must be a name object Syntax Error (70): Dictionary key must be a name object Syntax Error (80): Dictionary key must be a name object Syntax Error (203): Dictionary key must be a name object Syntax Error (243): Dictionary key must be a name object Syntax Error (401): Dictionary key must be a name object Syntax Error (410): Dictionary key must be a name object Syntax Error (411): Dictionary key must be a name object Syntax Error (422): Dictionary key must be a name object Syntax Error (485): Illegal character <3d> in hex string Syntax Error (490): Illegal character <80> in hex string Syntax Error (491): Illegal character <67> in hex string Syntax Error (492): Illegal character <74> in hex string Syntax Error (493): Illegal character <68> in hex string Syntax Error (501): Illegal character '>' Syntax Error (1028): Illegal character ')' Syntax Error (1437): Illegal character ')' Syntax Error (1643): Dictionary key must be a name object Syntax Error (1941): Illegal character ')' Syntax Error (2035): Illegal character ')' Syntax Error (2474): Illegal character '>' Syntax Error (2476): Illegal character <2f> in hex string Syntax Error (2477): Illegal character <72> in hex string Syntax Error (2480): Illegal character <54> in hex string Syntax Error (2481): Illegal character <73> in hex string Syntax Error (2482): Illegal character <69> in hex string Syntax Error (2484): Illegal character <6e> in hex string Syntax Error (2486): Illegal character <6f> in hex string Syntax Error (2488): Illegal character <69> in hex string Syntax Error (2489): Illegal character <6e> in hex string Syntax Error (2490): Illegal character <67> in hex string Syntax Error (2494): Illegal character '>' Syntax Error: Unterminated string Syntax Error: End of file inside dictionary Syntax Error: End of file inside array Syntax Error: End of file inside dictionary Syntax Error (401): Dictionary key must be a name object Syntax Error (410): Dictionary key must be a name object Syntax Error (411): Dictionary key must be a name object Syntax Error (422): Dictionary key must be a name object Syntax Error (485): Illegal character <3d> in hex string Syntax Error (490): Illegal character <80> in hex string Syntax Error (491): Illegal character <67> in hex string Syntax Error (492): Illegal character <74> in hex string Syntax Error (493): Illegal character <68> in hex string Syntax Error (501): Illegal character '>' Syntax Error (1643): Dictionary key must be a name object Program received signal SIGSEGV, Segmentation fault. ► f 0 0x555555846739 GString::resize(int)+1305 f 1 0x55555583fea1 GString::GString(GString\*)+33 f 2 0x5555557c01de Object::copy(Object\*)+270 f 3 0x5555557c01de Object::copy(Object\*)+270 f 4 0x55555582cbd8 f 5 0x555555675364 Catalog::countPageTree(Object\*)+228 f 6 0x555555675364 Catalog::countPageTree(Object\*)+228 f 7 0x5555556754d3 Catalog::countPageTree(Object\*)+595 (gdb) bt #0 0x0000555555846739 in GString::resize (this=this@entry=0x555555b88a20, length1=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/goo/GString.cc:109 #1 0x000055555583fea1 in GString::GString (this=0x555555b88a20, str=0x555555b88760) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/goo/GString.h:80 #2 0x00005555557c01de in GString::copy (this=0x555555b88760) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/goo/GString.h:42 #3 Object::copy (this=this@entry=0x555555b84078, obj=obj@entry=0x7fffff7ff1a0) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.cc:84 #4 0x000055555582cbd8 in XRef::fetch (this=0x555555b83990, num=<optimized out>, gen=<optimized out>, obj=0x7fffff7ff1a0, recursion=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/XRef.cc:1212 #5 0x0000555555675364 in Object::dictLookup (this=<optimized out>, recursion=0, obj=0x7fffff7ff1a0, key=0x5555558a07c7 "Kids") at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Object.h:267 #6 Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:563 #7 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #8 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #9 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #10 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567 #11 0x00005555556754d3 in Catalog::countPageTree (this=0x555555b5d4a0, pagesObj=<optimized out>) at /home/fuzz/fuzzing\_xpdf/xpdf-4.04/xpdf/Catalog.cc:567

CVE-2023-26937: xpdf_Stack-backtracking/Stack_backtracking_gstring at main · huanglei3/xpdf_Stack-backtracking

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc.

**Sign in to GitHub**

Username or email address

Password Forgot password?

New to GitHub? Create an account.

Tag

#buffer_overflow