Elvadisas

**Name of the Vulnerable Software and Affected Versions** xpdf version 4.04 **Description** The issue arises when xpdf allocates excessive memory in response to crafted input. This can be triggered by sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE CXX COMPILER=afl-clang-fast++ option. **Recommendations** For xpdf version 4.04, as a temporary workaround, consider restricting the use of the pdftoppm binary until a patch is available. Additionally, avoid using the DCMAKE CXX COMPILER=afl-clang-fast++ option to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.