CVE-2020-24996

Name of the Vulnerable Software and Affected Versions Xpdf version 4.0.2

Description The issue is related to an invalid memory access in the TextString::~TextString() function, located in Catalog.cc. This can be triggered by sending a crafted pdf file to the pdftohtml binary, potentially allowing a remote attacker to cause a Denial of Service (Segmentation fault) or have unspecified other impact.

Recommendations For Xpdf version 4.0.2, consider restricting access to the pdftohtml binary to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the pdftohtml binary with untrusted pdf files.