Vulnerability CVE-2020-25725: Information

Description

In Xpdf 4.02, `SplashOutputDev::endType3Char(GfxState *state)` at SplashOutputDev.cc:3079 tries to use the freed `t3GlyphStack->cache`, which causes a `heap-use-after-free` problem. The code of a previous fix for nested Type 3 characters did not correctly handle the case where a Type 3 char referred to another char in the same Type 3 font.

Severity: MEDIUM (5.5)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Published: Nov. 21, 2020
Modified: Dec. 14, 2023
Error type identifier: CWE-416

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| xpdf | sisyphus | 4.03-alt1 | 4.05-alt1 | ALT-PU-2021-1186-1 | 265506 | Fixed |
| xpdf | p10 | 4.03-alt1 | 4.04-alt1 | ALT-PU-2021-1186-1 | 265506 | Fixed |
| xpdf | p9 | 4.03-alt1 | 4.03-alt1 | ALT-PU-2021-1195-1 | 265507 | Fixed |
| xpdf | c10f1 | 4.03-alt1 | 4.04-alt1 | ALT-PU-2021-1186-1 | 265506 | Fixed |
| xpdf | p11 | 4.03-alt1 | 4.05-alt1 | ALT-PU-2021-1186-1 | 265506 | Fixed |

References to Advisories, Solutions, and Tools

Configuration 1

    cpe:2.3:a:xpdfreader:xpdf:4.02:*:*:*:*:*:*:*

Configuration 2

    cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*