Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Xpdf
NVD
CVSS 3.1
3.3
EPSS
0.2%