CVE-2019-13291

Name of the Vulnerable Software and Affected Versions Xpdf version 4.01.01

Description The issue is a heap-based buffer over-read in the DCTStream::readScan() function, located at Stream.cc. This can be triggered by sending a crafted PDF document to the pdftops tool, potentially allowing an attacker to cause Information Disclosure.

Recommendations For Xpdf version 4.01.01, consider restricting the use of the pdftops tool until a patch is available, and avoid processing crafted PDF documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.