OpenCVE

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xpdfreader	Xpdf

Configuration 1 [-]

cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/baker221/poc-xpdf
https://www.xpdfreader.com/security-bug/CVE-2023-3044.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: GandC

Published: 2023-06-02T22:32:31.677Z

Updated: 2024-08-02T06:41:04.131Z

Reserved: 2023-06-01T22:02:19.916Z

Link: CVE-2023-3044

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-02T23:15:09.580

Modified: 2024-11-21T08:16:18.800

Link: CVE-2023-3044

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3044", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "state": "PUBLISHED", "assignerShortName": "GandC", "dateReserved": "2023-06-01T22:02:19.916Z", "datePublished": "2023-06-02T22:32:31.677Z", "dateUpdated": "2024-08-02T06:41:04.131Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["all"], "product": "Xpdf", "vendor": "Xpdf", "versions": [{"status": "affected", "version": "4.04"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Junlin Liu of Peking Univ."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.</div><div><br></div><div>This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.<br></div>"}], "value": "An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.\n\n\n\n\nThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-369", "description": "CWE-369 Divide By Zero", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2023-06-02T22:32:31.677Z"}, "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"}, {"url": "https://github.com/baker221/poc-xpdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Divide-by-zero in Xpdf 4.04 due to very large page size", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:41:04.131Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html", "tags": ["x_transferred"]}, {"url": "https://github.com/baker221/poc-xpdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "70492207-C977-44E7-BA29-17CAC6333E30", "versionEndExcluding": "4.05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.\n\n\n\n\nThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\n\n\n"}], "id": "CVE-2023-3044", "lastModified": "2024-11-21T08:16:18.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "xpdf@xpdfreader.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-02T23:15:09.580", "references": [{"source": "xpdf@xpdfreader.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/baker221/poc-xpdf"}, {"source": "xpdf@xpdfreader.com", "tags": ["Vendor Advisory"], "url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/baker221/poc-xpdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"}], "sourceIdentifier": "xpdf@xpdfreader.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "xpdf@xpdfreader.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-369"}], "source": "nvd@nist.gov", "type": "Primary"}]}