CVE-2019-13286

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 44.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Glyphandcog Xpdfreader

Timeline

PublishedJul 4

Latest updateMay 24

Description

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDglyphandcog/xpdfreader4.01.01

▶Ubuntupoppler< 0.41.0-0ubuntu1.14+1

Also affects: Fedora 29, 30, 31

🔴Vulnerability Details

GHSA

GHSA-2993-5qvm-pg7x: In Xpdf 4↗2022-05-24

▶

OSV

CVE-2019-13286: In Xpdf 4↗2019-07-04

▶

CVEList

CVE-2019-13286: In Xpdf 4↗2019-07-04

▶

📋Vendor Advisories

Debian

CVE-2019-13286: xpdf - In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Str...↗2019

▶

💬Community

Bugzilla

CVE-2019-13286 xpdf: heap-based buffer over-read in function JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc [epel-all]↗2019-07-09

▶

Bugzilla

CVE-2019-13286 xpdf: heap-based buffer over-read in function JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc [fedora-all]↗2019-07-09

▶

Bugzilla

CVE-2019-13286 xpdf: heap-based buffer over-read in function JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc↗2019-07-09

▶