Xpdf is vulnerable to denial of service. It tries to use the freed t3GlyphStack->cache, which causes a heap-use-after-free. The code of a previous fix for nested Type 3 characters did not correctly handle the case where a Type 3 char referred to another char in the same Type 3 font.
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725
forum.xpdfreader.com/viewtopic.php?f=3&t=41915
lists.fedoraproject.org/archives/list/[email protected]/message/4ZUU5QG6SSVRTKZTR3A72LDRVZETEI63/
lists.fedoraproject.org/archives/list/[email protected]/message/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/
secdb.alpinelinux.org/edge/community.yaml