CVE-2024-7866 - OpenCVE

In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.

Attack Vector Local

Attack Complexity High

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Xpdfreader	Xpdf

Configuration 1 [-]

cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.xpdfreader.com/security-bug/object-loops.html

History

Tue, 20 Aug 2024 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Xpdfreader Xpdfreader xpdf
CPEs		cpe:2.3:a:xpdfreader:xpdf::::::::
Vendors & Products		Xpdfreader Xpdfreader xpdf
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Fri, 16 Aug 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 15 Aug 2024 20:00:00 +0000

Type	Values Removed	Values Added
Description		In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
Title		Stack overflow in Xpdf 4.05 due to object loop in PDF pattern
Weaknesses		CWE-674
References		https://www.xpdfreader.com/security-bug/object-loops.html
Metrics		cvssV4_0 `{'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: GandC

Published: 2024-08-15T19:50:06.413Z

Updated: 2024-08-16T17:13:35.817Z

Reserved: 2024-08-15T19:41:01.904Z

Link: CVE-2024-7866

Vulnrichment

Updated: 2024-08-16T17:13:25.930Z

NVD

Status : Analyzed

Published: 2024-08-15T20:15:18.793

Modified: 2024-08-20T19:23:02.780

Link: CVE-2024-7866

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7866", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "state": "PUBLISHED", "assignerShortName": "GandC", "dateReserved": "2024-08-15T19:41:01.904Z", "datePublished": "2024-08-15T19:50:06.413Z", "dateUpdated": "2024-08-16T17:13:35.817Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["all"], "product": "Xpdf", "vendor": "Xpdf", "versions": [{"lessThanOrEqual": "4.05", "status": "affected", "version": "0", "versionType": "Version"}]}], "credits": [{"lang": "en", "type": "finder", "value": "xiaobaozidi"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.<br>"}], "value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 2.1, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2024-08-15T19:50:06.413Z"}, "references": [{"url": "https://www.xpdfreader.com/security-bug/object-loops.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Stack overflow in Xpdf 4.05 due to object loop in PDF pattern", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-16T17:13:19.735300Z", "id": "CVE-2024-7866", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T17:13:35.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7866", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-16T17:13:19.735300Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T17:13:25.930Z"}}], "cna": {"title": "Stack overflow in Xpdf 4.05 due to object loop in PDF pattern", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "xiaobaozidi"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xpdf", "product": "Xpdf", "versions": [{"status": "affected", "version": "0", "versionType": "Version", "lessThanOrEqual": "4.05"}], "platforms": ["all"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.xpdfreader.com/security-bug/object-loops.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.", "supportingMedia": [{"type": "text/html", "value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "shortName": "GandC", "dateUpdated": "2024-08-15T19:50:06.413Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7866", "state": "PUBLISHED", "dateUpdated": "2024-08-16T17:13:35.817Z", "dateReserved": "2024-08-15T19:41:01.904Z", "assignerOrgId": "ace9cabe-4f4f-416b-8c39-b0e002761924", "datePublished": "2024-08-15T19:50:06.413Z", "assignerShortName": "GandC"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E42312-53C6-4D3F-963D-06CD49603AF3", "versionEndIncluding": "4.05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow."}, {"lang": "es", "value": " En Xpdf 4.05 (y versiones anteriores), un bucle de objeto PDF en un recurso de patr\u00f3n provoca una recursividad infinita y un desbordamiento de pila."}], "id": "CVE-2024-7866", "lastModified": "2024-08-20T19:23:02.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "xpdf@xpdfreader.com", "type": "Secondary"}]}, "published": "2024-08-15T20:15:18.793", "references": [{"source": "xpdf@xpdfreader.com", "tags": ["Vendor Advisory"], "url": "https://www.xpdfreader.com/security-bug/object-loops.html"}], "sourceIdentifier": "xpdf@xpdfreader.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-674"}], "source": "xpdf@xpdfreader.com", "type": "Secondary"}]}