{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4976", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "state": "PUBLISHED", "assignerShortName": "GandC", "dateReserved": "2024-05-15T20:23:00.257Z", "datePublished": "2024-05-15T20:34:24.716Z", "dateUpdated": "2024-08-01T20:55:10.484Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["all"], "product": "Xpdf", "vendor": "Xpdf", "versions": [{"lessThanOrEqual": "4.05", "status": "affected", "version": "0", "versionType": "version"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Vladislav Shevchenko (HSE university, Moscow)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.<br>"}], "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 2.1, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2024-05-15T20:34:24.716Z"}, "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Out-of-bounds array write in Xpdf 4.05 due to missing object type check", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "xpdf", "product": "xpdf", "cpes": ["cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.05", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-16T18:50:15.005590Z", "id": "CVE-2024-4976", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T19:54:06.311Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.484Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:55:10.484Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4976", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-16T18:50:15.005590Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:xpdf:xpdf:*:*:*:*:*:*:*:*"], "vendor": "xpdf", "product": "xpdf", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.05"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T18:46:49.817Z"}}], "cna": {"title": "Out-of-bounds array write in Xpdf 4.05 due to missing object type check", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Vladislav Shevchenko (HSE university, Moscow)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xpdf", "product": "Xpdf", "versions": [{"status": "affected", "version": "0", "versionType": "version", "lessThanOrEqual": "4.05"}], "platforms": ["all"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2024-05-15T20:34:24.716Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4976", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:55:10.484Z", "dateReserved": "2024-05-15T20:23:00.257Z", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "datePublished": "2024-05-15T20:34:24.716Z", "assignerShortName": "GandC"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3", "versionEndIncluding": "4.05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference."}, {"lang": "es", "value": "Escritura de matriz fuera de los l\u00edmites en Xpdf 4.05 y versiones anteriores, debido a que falta la verificaci\u00f3n del tipo de objeto en la referencia del campo AcroForm."}], "id": "CVE-2024-4976", "lastModified": "2025-01-29T16:11:00.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "xpdf@xpdfreader.com", "type": "Secondary"}]}, "published": "2024-05-15T21:15:09.560", "references": [{"source": "xpdf@xpdfreader.com", "tags": ["Vendor Advisory"], "url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.xpdfreader.com/security-bug/CVE-2024-4976.html"}], "sourceIdentifier": "xpdf@xpdfreader.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "xpdf@xpdfreader.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "xpdf: Out-of-bounds array write due to missing object type check", "id": "2280759", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280759"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.", "A flaw was found in Xpdf. An out-of-bounds array write in versions 4.05 and earlier occurs due to a missing object type check in the AcroForm field reference."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-4976", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Will not fix", "package_name": "xpdf", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2024-05-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-4976\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4976\nhttps://www.xpdfreader.com/security-bug/CVE-2024-4976.html"], "threat_severity": "Important"}

{}