PT-2019-12762 · None · Xpdf

Mike Zhang

Publicado

2019-05-27

Atualizado

2020-07-10

CVE-2019-12360

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Xpdf version 4.01.01

Description A stack-based buffer over-read issue exists in the FoFiTrueType::dumpString function. This can be triggered by sending crafted TrueType data in a PDF document to the pdftops tool, potentially allowing an attacker to cause Denial of Service or leak memory data into dump content.

Recommendations For Xpdf version 4.01.01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2019-12360

DLA-1815-1

MGASA-2020-0291

Produtos afetados

Xpdf

PT-2019-12762 · None · Xpdf

CVE-2019-12360

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16