PT-2024-24603 · Xpdf+1 · Xpdf+1
Arbusz
·
Published
2024-04-02
·
Updated
2025-12-22
·
CVE-2024-3248
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Xpdf versions 4.05 and earlier
Description
The issue is caused by a PDF object loop in the attachments, leading to infinite recursion and a stack overflow.
Recommendations
For versions 4.05 and earlier, update to a newer version to mitigate the risk.
As a temporary workaround, consider restricting the handling of PDF attachments to prevent infinite recursion.
Fix
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Xpdf