PT-2025-14564 · Xpdf+2

Erik Viken · Published 2025-04-02 · Updated 2025-11-05 · CVE-2025-3154

CVSS v4.0: 2.1 (Low)

Vector: AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Xpdf versions 4.05 and earlier

Description

The issue is an out-of-bounds array write, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.

Recommendations

For versions 4.05 and earlier, update to a version that fixes this issue. As a temporary workaround, consider validating the VerticesPerRow value in PDF shading dictionaries to prevent invalid values from causing an out-of-bounds array write.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2025-3154
SUSE-SU-2025:3945-1
SUSE-SU-2025_3945-1

Affected Products

ALT Linux
SUSE
Xpdf