PT-2019-13237 · Xpdf+2

Published: 2019-07-04 · Updated: 2023-03-01 · CVE-2019-13283

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01

Description: A heap-based buffer over-read issue exists due to the lack of validation of the source string's length before making a fixed-length copy in the strncpy function from FoFiType1::parse in fofi/FoFiType1.cc. This can be triggered by sending a crafted PDF document to the pdftotext tool, potentially allowing an attacker to cause Denial of Service, information leak, or have unspecified other impact.

Recommendations: For Xpdf version 4.01.01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
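
The pattern the description refers to, as an added illustration (not code from Xpdf or from this advisory): a fixed-length strncpy from a pointer into unterminated file data, beside a variant that clamps the read to the bytes remaining in the buffer. The function names, the 256-byte destination and the sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define LINE_BUF 256  /* assumed size of the fixed destination buffer */

/* Risky pattern, shown for contrast and never called here: strncpy reads
 * src until it finds a NUL or has read n bytes. If src points near the end
 * of a heap buffer of raw, unterminated file data, the read runs past it. */
void copy_line_unchecked(char out[LINE_BUF], const char *src)
{
    strncpy(out, src, LINE_BUF - 1);
    out[LINE_BUF - 1] = '\0';
}

/* Hardened form: the caller supplies the end of the input buffer and the
 * read is clamped to the bytes that remain. Stops at a NUL like strncpy.
 * Returns the number of bytes copied, or (size_t)-1 on a bad range. */
size_t copy_line_bounded(char out[LINE_BUF], const char *src, const char *end)
{
    size_t n;
    const char *nul;

    if (src == NULL || end == NULL || src > end)
        return (size_t)-1;
    n = (size_t)(end - src);
    if (n > LINE_BUF - 1)
        n = LINE_BUF - 1;
    nul = memchr(src, '\0', n);
    if (nul != NULL)
        n = (size_t)(nul - src);
    memcpy(out, src, n);
    out[n] = '\0';
    return n;
}

/* Constructed sample: 12 unterminated heap bytes ending in a token. */
size_t demo_tail_copy(char out[LINE_BUF])
{
    static const char data[12] = {'x','x','x','/','F','o','n','t','N','a','m','e'};
    char *heap = malloc(sizeof data);
    size_t n;

    if (heap == NULL)
        return (size_t)-1;
    memcpy(heap, data, sizeof data);
    n = copy_line_bounded(out, heap + 3, heap + sizeof data);
    free(heap);
    return n;
}
```

Building a test harness around the unchecked variant with AddressSanitizer enabled is one way to make this class of over-read visible during fuzzing or regression testing.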

Exploit

DoS

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2019-13283
SUSE-SU-2023:0480-1
SUSE-SU-2023:0494-1
SUSE-SU-2023:0496-1
SUSE-SU-2023_0496-1
USN-4646-1
USN-4646-2

Affected Products

Suse
Ubuntu
Xpdf