A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Denial Of Service
Buffer Overflow
Information Disclosure
Xpdfreader
NVD
CVSS 3.0
7.1
EPSS
1.1%