CVE-2022-48545
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Aug 22, 2023
Updated: Aug 28, 2023
CWE ID 674
Summary
CVE-2022-48545 is a denial-of-service vulnerability affecting xPDF version 4.02. This issue arises due to an infinite recursion in the Catalog::findDestInTree function, leading to an exhaustion of system resources when processing certain maliciously crafted PDF files. Attackers can exploit this vulnerability by supplying a specially crafted PDF document, potentially causing the targeted xPDF instance to become unresponsive or crash. Successful exploitation may result in a denial-of-service condition for the affected system.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share