cvedb.io
CVE-2024-7868
HIGH · CVSS 8.2
EPSS exploitation probability: 0%
Published 2024-08-15T21:15:18.530 · Last modified 2026-06-17T08:21:04.897

Summary

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

Affected products

xpdfreader — xpdf

Does this affect you?

Add your gear to cvedb and we'll alert you only when xpdfreader ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.