H00K1998

#17137 of 53,633
15.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2022-21694
7.8
2022-06-28
Xpdf · Xpdf · CVE-2022-33108
**Name of the Vulnerable Software and Affected Versions**
XPDF version 4.04

**Description**
A stack overflow issue was discovered in XPDF via the Object::Copy class of object.cc files.

**Recommendations**
For XPDF version 4.04, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2022-20158
7.8
2022-05-09
Xpdf · Xpdf · CVE-2022-30524
**Name of the Vulnerable Software and Affected Versions**
Xpdf version 4.0.4

**Description**
The issue is caused by an invalid memory access in the TextLine class in TextOutputDev.cc. This occurs because the text extractor mishandles characters at large y coordinates. It can be triggered by sending a crafted PDF file to the pdftotext binary, allowing a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

**Recommendations**
For Xpdf version 4.0.4, consider avoiding the use of the pdftotext binary with untrusted PDF files until a patch is available. As a temporary workaround, restrict access to the TextOutputDev.cc module to minimize the risk of exploitation.