CVE-2019-13281

Name of the Vulnerable Software and Affected Versions Xpdf version 4.01.01

Description A heap-based buffer overflow can occur in the DCTStream::decodeImage() function in Stream.cc when writing to frameBuf memory. This issue can be triggered by sending a crafted PDF document to the pdftotext tool, potentially allowing an attacker to cause Denial of Service, an information leak, or possibly unspecified other impact.

Recommendations For Xpdf version 4.01.01, consider disabling the DCTStream::decodeImage() function until a patch is available to prevent potential exploitation. Restrict the use of the pdftotext tool with untrusted PDF documents to minimize the risk of Denial of Service or information leak.