CVE-2019-9589 — NULL Pointer Dereference in Xpdfreader

CWE-476 — NULL Pointer Dereference8 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 51.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Glyphandcog Xpdfreader

Timeline

PublishedMar 6

Latest updateMay 14

Description

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDglyphandcog/xpdfreader4.01

▶Ubuntufreedesktop/poppler< 0.41.0-0ubuntu1.13+1

🔴Vulnerability Details

GHSA

GHSA-rqjc-3v8q-4cw6: There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev↗2022-05-14

▶

OSV

CVE-2019-9589: There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev↗2019-03-06

▶

CVEList

CVE-2019-9589: There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev↗2019-03-06

▶

📋Vendor Advisories

Debian

CVE-2019-9589: xpdf - There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources...↗2019

▶

💬Community

Bugzilla

CVE-2019-9587 CVE-2019-9588 CVE-2019-9589 xpdf: various flaws [fedora-all]↗2019-03-11

▶

Bugzilla

CVE-2019-9587 CVE-2019-9588 CVE-2019-9589 xpdf: various flaws [epel-all]↗2019-03-11

▶

Bugzilla

CVE-2019-9589 xpdf: null-pointer dereference in function PSOutputDev::setupResources( ) in PSOutputDev.cc↗2019-03-11

▶