CVE-2024-7868

LOW Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-908
View all →

Vulnerability Description

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

Related Vulnerabilities

CVE-2020-13113

HIGH
CVSS:8.2(High)

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

CWE-9082020

CVE-2022-29240

HIGH
CVSS:8.1(High)

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompresse...

CWE-9082022

CVE-2018-9377

HIGH
CVSS:8.4(High)

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional...

CWE-9082018

CVE-2020-11260

HIGH
CVSS:8.4(High)

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

CWE-9082020

CVE-2009-2692

HIGH
CVSS:7.8(High)

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL...

CWE-9082009

CVE-2018-15911

HIGH
CVSS:7.8(High)

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execu...

CWE-9082018