CVE-2024-2971

CVSS 3.1 Score 2.9 of 10 (low)

Details

Published Mar 26, 2024

Updated: Mar 27, 2024

CWE ID 787

Summary

CVE-2024-2971 is a newly disclosed vulnerability affecting Xpdf versions 4.05 and older. This issue involves an out-of-bounds array write, which can be triggered by a maliciously crafted PDF file containing a negative object number in an indirect reference. Successful exploitation could result in arbitrary code execution or denial of service, posing a significant risk to systems using the affected software. Users are advised to update to the latest version of Xpdf as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xpdf

Affected Vendors

Glyph & Cog LLC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/vC81oR
https://www.cve.org/CVERecord?id=CVE-2024-2971
https://nvd.nist.gov/vuln/detail/CVE-2024-2971

Back to Vulnerability Database