CVE-2020-23873: 
NixOS vulnerability analysis and mitigation

CVE-2020-23873 is a vulnerability in the pdf2xml software that affects the TextPage component. The vulnerability was discovered in 2020 and involves multiple security issues including heap buffer overflows, null pointer dereferences, and memory leaks in various functions like TextPage::dump, TextPage::addAttributsNode, and TextPage::restoreState (GitHub POC).

The vulnerability manifests in several ways: a heap buffer overflow in TextPage::dump function when processing PDF files, another heap buffer overflow in TextPage::addAttributsNode function, and a null pointer dereference in TextPage::restoreState function. The issues occur during PDF processing and conversion to XML format. The heap buffer overflows involve writing beyond allocated memory regions, specifically writing 11 bytes into a 10-byte allocated region (GitHub Issue).

The vulnerability can lead to multiple severe consequences including denial of service conditions, potential arbitrary code execution, and memory corruption. When exploited, it can cause the application to crash or potentially allow an attacker to execute unauthorized code. Additionally, the memory leaks identified can lead to resource exhaustion over time (GitHub POC).