This vulnerability can be exploited by redirecting the user to external resources or by uploading a malicious payload that triggers a crash in the function StringStream::flush() at xpdf/FileStream.cpp:1692. Attackers can use this vulnerability to cause a denial of service or to execute arbitrary code, including remote code execution.

CVE-2018-8577: An exploitable heap buffer overflow exists in the function XFA_Save_Document in XFA.cc at line 851.

CVE-2018-8569: An exploitable integer overflow exists in the function XFA_Load_Document in XFA.cc at line 374.

CVE-2018-8570: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 571.

CVE-2018-8571: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 1757.

CVE-2018-8572: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 2119.

CVE-2018-8573: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 2165.

CVE-2018-8574: An exploitable buffer overflow

^^ this is the one, but it's not really an "exploit"


CVE-2022-43295: An exploitable heap buffer overflow exists in the function StringStream::flush() at line 1692 in xpdf/FileStream.cpp. Attackers can use this vulnerability to execute arbitrary code or cause a denial of service. Additionally, this issue can be leveraged to perform remote code execution and gain unauthorized access.

Timeline

Published on: 11/14/2022 21:15:00 UTC
Last modified on: 11/17/2022 05:18:00 UTC

References