CVE-2022-48545

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 22, 2023

Updated: Aug 28, 2023

CWE ID 674

Summary

CVE-2022-48545 is a denial-of-service vulnerability affecting xPDF version 4.02. This issue arises due to an infinite recursion in the Catalog::findDestInTree function, leading to an exhaustion of system resources when processing certain maliciously crafted PDF files. Attackers can exploit this vulnerability by supplying a specially crafted PDF document, potentially causing the targeted xPDF instance to become unresponsive or crash. Successful exploitation may result in a denial-of-service condition for the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sF-Hmw
https://www.cve.org/CVERecord?id=CVE-2022-48545
https://nvd.nist.gov/vuln/detail/CVE-2022-48545

Back to Vulnerability Database

CVE-2022-48545

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations