CVE-2024-4141

CVE-2024-4141

Name

CVE-2024-4141

Description

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
xpdf@xpdfreader.com	https://www.xpdfreader.com/security-bug/CVE-2024-4141.html

Type

URI

xpdf@xpdfreader.com

https://www.xpdfreader.com/security-bug/CVE-2024-4141.html

CPE URI	Source package	Min version	Max version
	xpdf	>= 0	< 4.05
`cpe:2.3:a:xpdfreader:xpdf::::::::`	xpdf	>= None	<= 4.05

CPE URI

Source package

Min version

Max version

xpdf

>= 0

< 4.05

cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*

xpdf

>= None

<= 4.05

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xpdf	edge-community	4.05-r0	Dominika Liberda <ja@sdomi.pl>	possibly vulnerable
xpdf	edge-community	4.04-r0	Dominika Liberda <ja@sdomi.pl>	possibly vulnerable
xpdf	edge-community	4.03-r0	Isaac Dunham <ibid.ag@gmail.com>	possibly vulnerable
xpdf	3.22-community	4.05-r0	Dominika Liberda <ja@sdomi.pl>	possibly vulnerable
xpdf	3.22-community	4.04-r0	None	possibly vulnerable
xpdf	3.22-community	4.03-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

xpdf

edge-community

4.05-r0

Dominika Liberda <ja@sdomi.pl>

possibly vulnerable

xpdf

edge-community