Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-7868

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

Published

2024-08-15T21:15:18.530

Last Modified

2025-10-06T23:15:33.393

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-457
Type: Primary
CWE-908

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xpdfreader	xpdf	< 4.06	Yes

References

https://www.xpdfreader.com/security-bug/CVE-2024-7868.html Vendor Advisory ([email protected])