CVE-2019-13287 — Out-of-bounds Read in Xpdfreader

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 57.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Glyphandcog Xpdfreader

Timeline

PublishedJul 4

Latest updateMay 24

Description

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDglyphandcog/xpdfreader4.01.01

▶Ubuntufreedesktop/poppler< 0.41.0-0ubuntu1.14+1

🔴Vulnerability Details

GHSA

GHSA-p9qv-hhrp-m74q: In Xpdf 4↗2022-05-24

▶

OSV

CVE-2019-13287: In Xpdf 4↗2019-07-04

▶

CVEList

CVE-2019-13287: In Xpdf 4↗2019-07-04

▶

📋Vendor Advisories

Debian

CVE-2019-13287: xpdf - In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function Sp...↗2019

▶

💬Community

Bugzilla

CVE-2019-13287 xpdf: out-of-bounds read in function SplashXPath::strokeAdjust() in splash/SplashXPath.cc [fedora-all]↗2019-07-09

▶

Bugzilla

CVE-2019-13287 xpdf: out-of-bounds read in function SplashXPath::strokeAdjust() in splash/SplashXPath.cc [epel-all]↗2019-07-09

▶

Bugzilla

CVE-2019-13287 xpdf: out-of-bounds read in function SplashXPath::strokeAdjust() in splash/SplashXPath.cc↗2019-07-09

▶