PT-2019-19910 · Xpdf · Xpdf

Published: 2019-03-19 · Updated: 2021-07-21 · CVE-2019-9877

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01

Description: The issue is an invalid memory access in the TextPage::findGaps() function, located in TextOutputDev.c. It can be triggered by sending a crafted PDF file to the pdftops binary, potentially allowing an attacker to cause a Denial of Service (segmentation fault) or have other unspecified impacts.

Recommendations: For Xpdf version 4.01, consider disabling the TextPage::findGaps() function as a temporary workaround until a patch is available. Restrict access to the pdftops binary to minimize the risk of exploitation. Avoid using crafted PDF files with the affected binary until the issue is resolved.

Exploit

Fix

Memory Corruption

Out of bounds Read


Weakness Enumeration

Related identifiers

CVE-2019-9877

Affected products

Xpdf