CVE-2019-13291 — Out-of-bounds Read in Xpdfreader

CWE-125 — Out-of-bounds Read8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 52.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Glyphandcog Xpdfreader

Timeline

PublishedJul 4

Latest updateMay 24

Description

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDglyphandcog/xpdfreader4.01.01

▶Ubuntufreedesktop/poppler< 0.41.0-0ubuntu1.14+1

🔴Vulnerability Details

GHSA

GHSA-wmrm-7x9c-wj29: In Xpdf 4↗2022-05-24

▶

OSV

CVE-2019-13291: In Xpdf 4↗2019-07-04

▶

CVEList

CVE-2019-13291: In Xpdf 4↗2019-07-04

▶

📋Vendor Advisories

Debian

CVE-2019-13291: xpdf - In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStrea...↗2019

▶

💬Community

Bugzilla

CVE-2019-13291 xpdf: heap-based buffer over-read in function DCTStream::readScan() in Stream.cc [epel-all]↗2019-07-09

▶

Bugzilla

CVE-2019-13291 xpdf: heap-based buffer over-read in function DCTStream::readScan() in Stream.cc↗2019-07-09

▶

Bugzilla

CVE-2019-13291 xpdf: heap-based buffer over-read in function DCTStream::readScan() in Stream.cc [fedora-all]↗2019-07-09

▶