CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().

This vulnerability can be exploited by redirecting the user to external resources or by uploading a malicious payload to xpdf/FileStream.cpp:1692, which causes a crash in the function StringStream::flush(). Attackers can use this vulnerability to execute arbitrary code or cause a denial of service. Furthermore, this issue can be leveraged to perform remote code execution.

CVE-2018-8577: An exploitable heap buffer overflow exists in the function XFA_Save_Document in XFA.cc at line 851.

CVE-2018-8569: An exploitable integer overflow exists in the function XFA_Load_Document in XFA.cc at line 374.

CVE-2018-8570: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 571.

CVE-2018-8571: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 1757.

CVE-2018-8572: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 2119.

CVE-2018-8573: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 2165.

CVE-2018-8574: An exploitable buffer overflow

^^ this is the one, but it's not really an "exploit"


CVE-2022-43295: An exploitable heap buffer overflow exists in the function StringStream::flush() at line 1692 in xpdf/FileStream.cpp. Attackers can use this vulnerability to execute arbitrary code or cause a denial of service. Additionally, this issue can be leveraged to perform remote code execution and gain unauthorized access.
