CVE-2020-23872 — CVSS 7.5 (high): A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).
CVE-2020-23876 — CVSS 7.5 (high): pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.