Description Preview
The vulnerability CVE-2024-2971 is an out-of-bounds array write issue that affects Xpdf 4.05 and earlier versions. This vulnerability is triggered by a negative object number in indirect reference in the input PDF file. The attack complexity is high and the attack vector is local. The availability impact is low and the base score is 2.9, indicating a low severity. There is no impact on confidentiality and integrity as per the CVSS 3.1 metrics.
Overview
This vulnerability was discovered by Song Jiaxuan from Huazhong University of Science and Technology. The vulnerability is classified under CWE-787: Out-of-bounds Write. The vulnerability was first published on 26th March 2024 and was last updated on 6th August 2024.
Remediation
As of now, there is no specific remediation provided for this vulnerability. Users are advised to keep their software up-to-date and monitor the vendor's website for any updates or patches related to this vulnerability.
References
More information about this vulnerability can be found at the following URL: https://www.xpdfreader.com/security-bug/CVE-2024-2971.html
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Transportation & WarehousingTransportation & Warehousing
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- InformationInformation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
