CVE-2020-24999

Name of the Vulnerable Software and Affected Versions Xpdf version 4.0.2

Description The issue is caused by an invalid memory access in the fprintf function located in Error.cc. It can be triggered by sending a crafted PDF file to the pdftohtml binary, allowing a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Recommendations For Xpdf version 4.0.2, consider restricting access to the pdftohtml binary until a patch is available to prevent potential Denial of Service attacks. As a temporary workaround, avoid using the pdftohtml binary with untrusted PDF files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.