Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-12360

Опубликовано: 27 мая 2019
Источник: debian

Описание

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
xpdfnot-affectedpackage
popplerfixed0.38.0-2package

Примечания

  • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801

  • https://gitlab.freedesktop.org/poppler/poppler/commit/cdb7ad95f7c8fbf63ade040d8a07ec96467042fc (poppler-0.32.0)

  • https://gitlab.freedesktop.org/poppler/poppler/commit/bf4aae25a244b1033a2479b9a8f633224f7d5de5 (poppler-0.32.0)

  • https://bugs.freedesktop.org/show_bug.cgi?id=85243

  • https://bugzilla.suse.com/show_bug.cgi?id=1136620

Связанные уязвимости

ubuntu логотип

CVE-2019-12360

CVSS3: 7.1
ubuntu
больше 6 лет назад

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

redhat логотип

CVE-2019-12360

CVSS3: 7.1
redhat
больше 6 лет назад

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

nvd логотип

CVE-2019-12360

CVSS3: 7.1
nvd
больше 6 лет назад

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

github логотип

GHSA-h895-jpgg-q54p

github
больше 3 лет назад

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.