The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
Exploitability
AV:NAC:MAu:NImpact
C:NI:NA:P4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P