Freedesktop Poppler vulnerabilities

CVE-2019-12957 [HIGH] CVE-2019-12957: In Xpdf 4 In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.

CVE-2019-12958 [MEDIUM] CVE-2019-12958: In Xpdf 4 In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.

CVE-2019-12515 [HIGH] CVE-2019-12515: There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.

CVE-2019-12493 [HIGH] CVE-2019-12493: A stack-based buffer over-read exists in PostScriptFunction::transform in Function A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.

CVE-2019-12360 [HIGH] CVE-2019-12360: A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

CVE-2019-12293 [HIGH] CWE-125 CVE-2019-12293: In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stre In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.

CVE-2019-11026 [MEDIUM] CWE-674 CVE-2019-11026: FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a cal FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

CVE-2019-10872 [HIGH] CWE-125 CVE-2019-10872: An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Sp An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

CVE-2019-10871 [MEDIUM] CWE-125 CVE-2019-10871: An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PS An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

CVE-2019-10873 [MEDIUM] CWE-476 CVE-2019-10873: An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function Splas An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.

CVE-2019-10026 [MEDIUM] CVE-2019-10026: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

CVE-2019-10020 [MEDIUM] CVE-2019-10020: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

CVE-2019-10022 [MEDIUM] CVE-2019-10022: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.

CVE-2019-10025 [MEDIUM] CVE-2019-10025: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

CVE-2019-10024 [MEDIUM] CVE-2019-10024: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

CVE-2019-10018 [MEDIUM] CVE-2019-10018: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

CVE-2019-10021 [MEDIUM] CVE-2019-10021: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.

CVE-2019-10023 [MEDIUM] CVE-2019-10023: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.

CVE-2019-10019 [MEDIUM] CVE-2019-10019: An issue was discovered in Xpdf 4 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

CVE-2019-9877 [HIGH] CVE-2019-9877: There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.