CVE-2022-27135

Name of the Vulnerable Software and Affected Versions xpdf version 4.03

Description The issue is a heap buffer overflow in the readXRefTable function located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

Recommendations For xpdf version 4.03, as a temporary workaround, consider disabling the readXRefTable function until a patch is available. Restrict access to the pdftoppm binary to minimize the risk of exploitation. Avoid using crafted PDF files with the pdftoppm binary until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.