CVE-2023-2662 : In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can c

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.

Published 2023-05-11 21:15:10

Updated 2025-01-24 16:15:31

Source Glyph & Cog, LLC

View at NVD, CVE.org

Products affected by CVE-2023-2662

Xpdfreader » Xpdf
Versions up to, including, (<=) 4.04
cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 2 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-01-24
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High
2.9	LOW	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L	1.4	1.4	Glyph & Cog, LLC
Attack Vector: Local Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

https://forum.xpdfreader.com/viewtopic.php?t=42505

A FPE in pdfimages xpdf4.04 - forum.xpdfreader.com
Exploit

Jump to