Vulnerability CVE-2020-35376: Information

Description

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Dec. 26, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
xpdfsisyphus4.03-alt14.05-alt1ALT-PU-2021-1186-1265506Fixed
xpdfp104.03-alt14.04-alt1ALT-PU-2021-1186-1265506Fixed
xpdfp94.03-alt14.03-alt1ALT-PU-2021-1195-1265507Fixed
xpdfc10f14.03-alt14.04-alt1ALT-PU-2021-1186-1265506Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:xpdfreader:xpdf:4.02:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*