CVE-2019-9589

Name of the Vulnerable Software and Affected Versions Xpdf version 4.01

Description The issue is related to a NULL pointer dereference vulnerability in the setupResources() function located in PSOutputDev.cc. This can be triggered by sending a crafted pdf file to the pdftops binary, for example. The impact includes causing a Denial of Service (Segmentation fault) or possibly having unspecified other effects.

Recommendations For Xpdf version 4.01, consider avoiding the use of the pdftops binary with untrusted pdf files until a fix is available. As a temporary workaround, restrict access to the PSOutputDev::setupResources() function to minimize the risk of exploitation.