CVE-2024-3248: Stack overflow in Xpdf 4.05 due to object loop in attachments
Published Apr 2, 2024
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
Affected Software
2 affected components
xpdf Xpdf<4.05
Xpdfreader Xpdf<=4.05
Event History
Apr 2, 2024
CVE Published
via MITRE·11:04 PM
Data Sourced
via MITRE·11:04 PM
Description, Severity, Weakness
Data Sourced
via NVD·11:15 PM
Description, Severity, Weakness, Affected Software
Feb 21, 57052
Event
via NVD·02:42 PM
Frequently Asked Questions
1. What is the severity of CVE-2024-3248?
CVE-2024-3248 may lead to denial of service due to a stack overflow.
2. What versions of Xpdf are affected by CVE-2024-3248?
CVE-2024-3248 affects Xpdf versions up to and including 4.05.
3. How do I fix CVE-2024-3248?
To fix CVE-2024-3248, update to a later version of Xpdf that addresses this vulnerability.
4. What type of vulnerability is CVE-2024-3248?
CVE-2024-3248 is a denial-of-service vulnerability caused by infinite recursion in PDF object handling.
5. What happens if I don't address CVE-2024-3248?
If CVE-2024-3248 is not addressed, it could lead to application crashes and unavailability of PDF processing.