{"id":"MGASA-2021-0112","summary":"Updated xpdf packages fix security vulnerabilities","details":"In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state)\nSplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack-\u003ecache`, which\ncauses an `heap-use-after-free` problem. The codes of a previous fix for nested\nType 3 characters wasn't correctly handling the case where a Type 3 char\nreferred to another char in the same Type 3 font (CVE-2020-25725).\n\nXpdf 4.02 allows stack consumption because of an incorrect subroutine reference\nin a Type 1C font charstring, related to the FoFiType1C::getOp() function\n(CVE-2020-35376).\n","modified":"2026-04-16T04:44:42.253739476Z","published":"2021-03-04T16:53:32Z","upstream":["CVE-2020-25725","CVE-2020-35376"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0112.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28474"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/"}],"affected":[{"package":{"name":"xpdf","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/xpdf?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.03-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0112.json"}},{"package":{"name":"xpdf","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/xpdf?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.03-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0112.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}