CVE-2019-13289 — Use After Free in Xpdfreader

CWE-416 — Use After Free8 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 47.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Glyphandcog Xpdfreader

Timeline

PublishedJul 4

Latest updateMay 24

Description

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Ubuntufreedesktop/poppler< 0.41.0-0ubuntu1.14+1

▶NVDglyphandcog/xpdfreader4.01.01

🔴Vulnerability Details

GHSA

GHSA-9gpr-p7h6-pgxm: In Xpdf 4↗2022-05-24

▶

CVEList

CVE-2019-13289: In Xpdf 4↗2019-07-04

▶

OSV

CVE-2019-13289: In Xpdf 4↗2019-07-04

▶

📋Vendor Advisories

Debian

CVE-2019-13289: xpdf - In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2St...↗2019

▶

💬Community

Bugzilla

CVE-2019-13289 xpdf: use-after-free in function JBIG2Stream::close() in JBIG2Stream.cc [fedora-all]↗2019-07-10

▶

Bugzilla

CVE-2019-13289 xpdf: use-after-free in function JBIG2Stream::close() in JBIG2Stream.cc↗2019-07-10

▶

Bugzilla

CVE-2019-13289 xpdf: use-after-free in function JBIG2Stream::close() in JBIG2Stream.cc [epel-all]↗2019-07-10

▶