CVE-2023-3044

LOW

Published Jun 2, 20233y ago · Modified Jun 17, 20261w ago

3.3 CVSS 3.1

Low

Published Jun 2, 2023 3y ago

Last Modified Jun 17, 2026 1w ago

Description

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

CVSS Details

Base Score

3.3

Exploitability

1.8

Impact

1.4

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality None

Integrity None

Availability Low

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-369

Affected Products 1

Vendor	Product	Version	Range
xpdfreader	xpdf	*	<4.05

References 2

github.com https://github.com/baker221/poc-xpdf

ExploitThird Party Advisory
xpdfreader.com https://www.xpdfreader.com/security-bug/CVE-2023-3044.html

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.