CVE-2024-2971: Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05
Published Mar 26, 2024
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by a negative object number in an indirect reference in the input PDF file.
Affected Software
2 affected components
xpdf Xpdf <= 4.05
Xpdfreader Xpdf <= 4.05
Event History
Mar 26, 2024
CVE Published
via MITRE·09:31 PM
Data Sourced
via MITRE·09:31 PM
Description, Severity, Weakness
Data Sourced
via NVD·10:15 PM
Description, Severity, Weakness, Affected Software
Feb 21, 57052
Event
via NVD·02:42 PM
Frequently Asked Questions
1. What is the severity of CVE-2024-2971?
CVE-2024-2971 has been classified as a high severity vulnerability due to the potential for exploitation leading to arbitrary code execution.
2. How do I fix CVE-2024-2971?
To fix CVE-2024-2971, upgrade to the latest version of Xpdf that addresses this vulnerability.
3. What version of Xpdf is affected by CVE-2024-2971?
CVE-2024-2971 affects Xpdf versions up to and including 4.05.
4. What type of vulnerability is CVE-2024-2971?
CVE-2024-2971 is an out-of-bounds array write vulnerability.
5. Can CVE-2024-2971 be exploited through a PDF file?
Yes, CVE-2024-2971 can be triggered by an input PDF file containing a negative object number in an indirect reference.