Loginsoft

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.01 **Description** A stack consumption issue exists in the `md5Round1()` function located in Decrypt.cc. This issue can be triggered by sending a crafted pdf file to the `pdfimages` binary, allowing an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. The issue is related to `Catalog::countPageTree`. **Recommendations** For Xpdf version 4.01, consider disabling the `md5Round1()` function as a temporary workaround until a patch is available. Restrict access to the `pdfimages` binary to minimize the risk of exploitation. Avoid using crafted pdf files that may trigger the stack consumption issue until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.01 **Description** The issue is related to an invalid memory access in the `gAtomicIncrement()` function, located in GMutex.h. This can be triggered by sending a crafted pdf file to the pdftops binary, for example. The impact of this issue includes causing a Denial of Service, resulting in a Segmentation fault, and potentially having other unspecified effects. **Recommendations** For Xpdf version 4.01, consider restricting access to the pdftops binary until a fix is available, and avoid processing crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.01 **Description** The issue is related to a NULL pointer dereference vulnerability in the `setupResources()` function located in `PSOutputDev.cc`. This can be triggered by sending a crafted pdf file to the `pdftops` binary, for example. The impact includes causing a Denial of Service (Segmentation fault) or possibly having unspecified other effects. **Recommendations** For Xpdf version 4.01, consider avoiding the use of the `pdftops` binary with untrusted pdf files until a fix is available. As a temporary workaround, restrict access to the `PSOutputDev::setupResources()` function to minimize the risk of exploitation.