Primary

Context

Xpdf CMap Object Loop Vulnerability Leading to Stack Overflow

Vulnerability

Patched

A stack overflow vulnerability due to infinite recursion has been identified in Xpdf versions through 4.05. This issue arises from a PDF object loop in a CMap, triggered by the 'UseCMap' entry, causing the application to enter an endless loop and eventually overflow the stack.

Impact

Exploitation of this vulnerability causes a stack overflow, which can lead to arbitrary code execution or a denial-of-service condition by crashing the application.

Remediation

Users can upgrade to Xpdf version 4.06, where this vulnerability will be fixed.

Added: Oct 16, 2025, 10:19 PM

Updated: Oct 16, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Xpdf CMap Object Loop Vulnerability Leading to Stack Overflow

Vulnerability

Impact

Remediation

Affected Products

Xpdf

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating