Main Vulnerability Database Vulnerabilities #VU74023

NULL pointer dereference in xpdf - CVE-2022-38928

Published: March 24, 2023

Vulnerability identifier: #VU74023

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-38928

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
xpdf

Software vendor:
Glyph & Cog

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a NULL pointer dereference error in FoFiType1C.cc:2393. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421
http://www.xpdfreader.com/security-fixes.html#4.05

NULL pointer dereference in xpdf - CVE-2022-38928

Description

Remediation

External links

Please verify you're human