CVE-2019-12360

Published: May 27, 2019Modified: Nov 21, 2024

7.1

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

Affected (1)

Products: Glyphandcog: Xpdfreader

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Glyphandcog Xpdfreader	Version 4.01.01

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (8)

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801

Source: cve@mitre.org

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/

Source: cve@mitre.org

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJ3GYFINXANXTQEDN5SON47IJA5277RU/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IQBAHQQF2P7E6PL5STST3TGH7VPVXKKQ/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.