CVE-2024-4141: Out-of-bounds array write in Xpdf 4.05 due to incorrect bounds check
Published Apr 24, 2024
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
Affected Software
2 affected components
xpdf Xpdf<4.05
Xpdfreader Xpdf<=4.05
Event History
Apr 24, 2024
CVE Published via MITRE · 06:36 PM
Data Sourced via MITRE · 06:36 PM (Description, Severity, Weakness)
Data Sourced via NVD · 07:15 PM (Description, Severity, Weakness, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2024-4141?
CVE-2024-4141 is considered a high-severity vulnerability due to its potential for an out-of-bounds array write.
2. How do I fix CVE-2024-4141?
To fix CVE-2024-4141, update Xpdf to version 4.06 or later to address the out-of-bounds write issue.
3. Which versions of Xpdf are affected by CVE-2024-4141?
CVE-2024-4141 affects Xpdf versions up to and including 4.05.
4. What causes CVE-2024-4141?
CVE-2024-4141 is caused by an incorrect bounds check on an array in the handling of Type 1 fonts. Modern compilers optimized the check away, so an invalid character code in the font could write outside the array.
5. What can attackers do if they exploit CVE-2024-4141?
If exploited, CVE-2024-4141 may allow attackers to execute arbitrary code or cause denial of service.