CVE-2019-12360 — Out-of-bounds Read in Xpdfreader
Severity
7.1 HIGH (NVD)
EPSS
0.4%
top 42.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 27
Latest update: May 24
Description
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2
Affected Packages: 2 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-h895-jpgg-q54p: A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType (2022-05-24)
CVEList
CVE-2019-12360: A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType (2019-05-27)
OSV
CVE-2019-12360: A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType (2019-05-27)
📋 Vendor Advisories (2)
💬 Community (5)
Bugzilla
CVE-2019-12360 mingw-poppler: xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak [fedora-all] (2020-06-25)
Bugzilla
CVE-2019-12360 xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak [fedora-all] (2020-06-25)
Bugzilla
CVE-2019-12360 poppler: xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak [fedora-all] (2020-06-25)
Bugzilla
CVE-2019-12360 xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak (2020-06-25)
Bugzilla
CVE-2019-12360 xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak [epel-all] (2020-06-25)