Xpdf · Xpdf · CVE-2022-38222
**Name of the Vulnerable Software and Affected Versions**
Xpdf version 4.04
**Description**
A use-after-free exists in the `JBIG2Stream::close()` function, located in the JBIG2Stream.cc file. It can be triggered, for example, by sending a crafted PDF file to the `pdfimages` binary. It allows an attacker to cause a denial of service or possibly have other unspecified impact.
**Recommendations**
For Xpdf version 4.04, as a temporary workaround, consider disabling the `JBIG2Stream::close()` function until a patch is available. Restrict access to the `pdfimages` binary to minimize the risk of exploitation. Avoid processing crafted PDF files with the affected binary until the issue is resolved. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
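
One way to act on the recommendation to keep crafted files away from the affected binary, as an added example that is not part of the original advisory or of Xpdf: a heuristic pre-screen that holds back PDFs naming the `JBIG2Decode` filter (the filter Xpdf decodes with `JBIG2Stream`) before they reach `pdfimages`. The function names, the hold/pass policy and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

# A PDF name is "/" plus regular characters; "#xx" is a hex escape, so
# "/#4ABIG2Decode" and "/JBIG2Decode" are the same name to a PDF parser.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a raw PDF name token."""
    return _ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def names_jbig2(data: bytes) -> bool:
    """True if any name token in the raw bytes decodes to JBIG2Decode."""
    return any(decode_name(m.group(1)) == b"JBIG2Decode"
               for m in _NAME.finditer(data))


def triage(data: bytes) -> str:
    """Hypothetical policy: 'hold' keeps the file away from pdfimages.

    'pass' only means no JBIG2 filter was seen in the raw bytes. A filter
    name reached through an indirect reference stored in a compressed
    object stream is invisible to this scan.
    """
    return "hold" if names_jbig2(data) else "pass"


# Constructed sample inputs (not real files).
SAMPLES = {
    "plain": b"%PDF-1.4\n5 0 obj\n<< /Subtype /Image /Filter /JBIG2Decode >>\n",
    "escaped": b"%PDF-1.4\n5 0 obj\n<< /Subtype /Image /Filter /#4ABIG2#44ecode >>\n",
    "array": b"%PDF-1.4\n5 0 obj\n<< /Filter [/FlateDecode/JBIG2Decode] >>\n",
    "jpeg": b"%PDF-1.4\n5 0 obj\n<< /Subtype /Image /Filter /DCTDecode >>\n",
}

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(f"{triage(fh.read())}\t{path}")
    if len(sys.argv) == 1:
        for label, blob in SAMPLES.items():
            print(f"{triage(blob)}\t{label}")
```

Run with file paths as arguments to triage an intake directory; held files can be routed to a patched or sandboxed converter instead of the affected `pdfimages`.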