CVE-2020-25725

Name of the Vulnerable Software and Affected Versions Xpdf version 4.02

Description The issue arises in the SplashOutputDev::endType3Char(GfxState *state) function, where it attempts to use the freed t3GlyphStack->cache, resulting in a heap-use-after-free problem. This occurs because the previous fix for nested Type 3 characters did not correctly handle cases where a Type 3 character refers to another character in the same Type 3 font.

Recommendations For Xpdf version 4.02, consider disabling the SplashOutputDev::endType3Char function as a temporary workaround until a patch is available. Restrict access to Type 3 fonts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.