CVE Catalog

CVE-2023-3436

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

Xpdf version 4.04 can deadlock when processing a PDF object stream whose 'Length' field is in another object stream.

Risk Assessment

Deadlocking may lead to service unavailability, impacting the organization's operational continuity.

Recommendation

It is recommended to upgrade to a newer version of Xpdf to avoid deadlock issues.

Original NVD description (English source)

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS