PT-2019-19728 · Foolabs+1 · Xpdf+1

Loginsoft · Published 2019-03-06 · Updated 2024-08-08 · CVE-2019-9587

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xpdf version 4.01

Description

A stack consumption issue exists in the md5Round1() function located in Decrypt.cc. This issue can be triggered by sending a crafted PDF file to the pdfimages binary, allowing an attacker to cause a Denial of Service (segmentation fault) or possibly have unspecified other impact. The issue is related to Catalog::countPageTree.

Recommendations

For Xpdf version 4.01, consider disabling the md5Round1() function as a temporary workaround until a patch is available. Restrict access to the pdfimages binary to minimize the risk of exploitation. Avoid using crafted PDF files that may trigger the stack consumption issue until the issue is resolved.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2024-10474
ALT-PU-2024-10804
ALT-PU-2024-7465
CVE-2019-9587

Affected Products

Alt Linux
Xpdf