CVE-2023-3044 LOW

CVE-2023-3044: Divide-by-zero in Xpdf 4.04 due to very large page size

Vendor Xpdf
Product Xpdf
Weakness CWE-369
Published June 2, 2023
Last update January 8, 2025

CVSS base score

3.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

Key dates

02Disclosure timeline

June 2, 2023 CVE published
January 8, 2025 Record updated