CVE Catalog

CVE-2023-3044

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

26th percentile — higher than 26% of all known CVEs

Summary

Xpdf has a vulnerability related to excessively large PDF page sizes, which can lead to a divide-by-zero error in the text extraction code. This issue was discovered during fuzz testing and is unlikely to occur in normal PDF files.

Risk Assessment

Organizations may face application crashes or unexpected behavior when processing atypical PDF files, potentially leading to data loss or service interruptions.

Recommendation

It is recommended to monitor and restrict the processing of PDF files with unusual page sizes and to update Xpdf to the latest version to minimize risk.

Original NVD description (English source)

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS