CVE-2024-2971

Name: CVE-2024-2971
Description: Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

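| Source Package | Release | Version | Status |
|---|---|---|---|
| poppler (PTS) | buster | 0.71.0-5 | undetermined |
| poppler | buster (security) | 0.71.0-5+deb10u3 | undetermined |
| poppler | bullseye (security), bullseye | 20.09.0-3.1+deb11u1 | undetermined |
| poppler | bookworm | 22.12.0-2 | undetermined |
| poppler | sid, trixie | 22.12.0-2.2 | undetermined |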

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| poppler | source | (unstable) | undetermined | | | |

Notes

Might possibly affect poppler, pdf in Debian uses it
