PT-2019-13241 · Xpdf · Xpdf

Published: 2019-07-04 · Updated: 2019-07-09 · CVE-2019-13289

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xpdf version 4.01.01

Description

A use-after-free issue exists in the JBIG2Stream::close() function, located at JBIG2Stream.cc. This can be triggered by sending a crafted PDF document to the pdftoppm tool.

Recommendations

For Xpdf version 4.01.01, consider disabling the JBIG2Stream::close() function as a temporary workaround until a patch is available. Restrict access to the pdftoppm tool to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2019-13289

Affected Products

Xpdf