CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
This vulnerability can be exploited by redirecting the user to external resources or by uploading a malicious payload to xpdf/FileStream.cpp:1692, which causes a crash in the function StringStream::flush(). Attackers can use this vulnerability to execute arbitrary code or cause a denial of service. Furthermore, this issue can be leveraged to perform remote code execution.
CVE-2018-8577: An exploitable heap buffer overflow exists in the function XFA_Save_Document in XFA.cc at line 851.
CVE-2018-8569: An exploitable integer overflow exists in the function XFA_Load_Document in XFA.cc at line 374.
CVE-2018-8570: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 571.
CVE-2018-8571: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 1757.
CVE-2018-8572: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 2119.
CVE-2018-8573: An exploitable buffer overflow exists in the function XFA_Parse_XML in XFA.cc at line 2165.
CVE-2018-8574: An exploitable buffer overflow
^^ this is the one, but it's not really an "exploit"
CVE-2022-43295: An exploitable heap buffer overflow exists in the function StringStream::flush() at line 1692 in xpdf/FileStream.cpp. Attackers can use this vulnerability to execute arbitrary code or cause a denial of service. Additionally, this issue can be leveraged to perform remote code execution and gain unauthorized access.
Timeline
Published on: 11/14/2022 21:15:00 UTC
Last modified on: 11/17/2022 05:18:00 UTC