CVE-2023-3044: 
NixOS vulnerability analysis and mitigation

CVE-2023-3044 is a vulnerability in Xpdf's text extraction code that occurs when processing PDF files with excessively large page sizes. The issue was discovered through fuzz testing and is related to CVE-2022-30524, though this specific vulnerability is triggered by very large page sizes rather than large character coordinates. The vulnerability affects Xpdf versions up to (but not including) 4.05 (NVD).

The vulnerability manifests as a divide-by-zero error in Xpdf's text extraction code when processing PDF files with abnormally large page dimensions. This condition is specifically triggered during the text extraction process and was identified with CWE-369 (Divide By Zero). The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (Low) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L (NVD).

The vulnerability can lead to a program crash through a divide-by-zero error when processing specially crafted PDF files. While the impact is limited to availability issues, it's worth noting that this condition is primarily found in fuzz testing scenarios and is unlikely to occur in normal PDF files (NVD).

The vulnerability has been fixed in Xpdf version 4.05. Users are advised to upgrade to this version or later to mitigate the issue. The fix addresses the divide-by-zero condition in the text extraction code (Xpdf Advisory).