exploitDog

CVE-2019-12360

Published: May 27, 2019
Source: redhat
CVSS3: 7.1

Description

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

A stack-based buffer over-read flaw was found in the FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf, where it can be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. This flaw allows an attacker to cause a denial of service or to leak memory data into dump content. The highest threat from this vulnerability is to confidentiality and system availability.

Report

Red Hat Enterprise Linux 8 is not affected by this vulnerability because it ships a newer, already fixed version of poppler.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | poppler | Out of support scope | | |
| Red Hat Enterprise Linux 6 | poppler | Out of support scope | | |
| Red Hat Enterprise Linux 7 | poppler | Will not fix | | |
| Red Hat Enterprise Linux 8 | poppler | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1850876 xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak

7.1 High

CVSS3

Related vulnerabilities

CVSS3: 7.1
ubuntu
more than 6 years ago

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

CVSS3: 7.1
nvd
more than 6 years ago

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

CVSS3: 7.1
debian
more than 6 years ago

A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...

github
more than 3 years ago

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
