There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Buffer Overflow
Information Disclosure
Xpdfreader
NVD
GitHub
CVSS 3.0
7.1
EPSS
1.3%