CVE-2019-9587 — Uncontrolled Resource Consumption in Xpdfreader

CWE-400 — Uncontrolled Resource Consumption8 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 43.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Glyphandcog Xpdfreader

Timeline

PublishedMar 6

Latest updateMay 14

Description

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDglyphandcog/xpdfreader4.01

🔴Vulnerability Details

GHSA

GHSA-ppx8-qq3q-gfv8: There is a stack consumption issue in md5Round1() located in Decrypt↗2022-05-14

▶

CVEList

CVE-2019-9587: There is a stack consumption issue in md5Round1() located in Decrypt↗2019-03-06

▶

OSV

CVE-2019-9587: There is a stack consumption issue in md5Round1() located in Decrypt↗2019-03-06

▶

📋Vendor Advisories

Debian

CVE-2019-9587: xpdf - There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf ...↗2019

▶

💬Community

Bugzilla

CVE-2019-9587 xpdf: stack consumption in function md5Round1() in Decrypt.cc↗2019-03-11

▶

Bugzilla

CVE-2019-9587 CVE-2019-9588 CVE-2019-9589 xpdf: various flaws [fedora-all]↗2019-03-11

▶

Bugzilla

CVE-2019-9587 CVE-2019-9588 CVE-2019-9589 xpdf: various flaws [epel-all]↗2019-03-11

▶