DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIANCVE:CVE-2019-10026", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2019-10026", "description": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.", "published": "2019-03-25T00:29:00", "modified": "2019-03-25T00:29:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://security-tracker.debian.org/tracker/CVE-2019-10026", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2019-10026"], "immutableFields": [], "lastseen": "2022-06-23T06:03:16", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-10026"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113413"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10026"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-10026"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113413"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10026"]}]}, "exploitation": null, "vulnersScore": 6.2}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "xpdf_3.04+git20220601-1_all.deb", "packageVersion": "3.04+git20220601-1", "operator": "lt", "status": "resolved", "packageName": "xpdf"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "xpdf_3.04+git20210103-3_all.deb", "packageVersion": "3.04+git20210103-3", "operator": "lt", "status": "resolved", "packageName": "xpdf"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "xpdf_3.04-13_all.deb", "packageVersion": "3.04-13", "operator": "lt", "status": "resolved", "packageName": "xpdf"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "xpdf_3.04+git20220601-1_all.deb", "packageVersion": "3.04+git20220601-1", "operator": "lt", "status": "resolved", "packageName": "xpdf"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "xpdf_3.04-4_all.deb", "packageVersion": "3.04-4", "operator": "lt", "status": "resolved", "packageName": "xpdf"}]}

{"cve": [{"lastseen": "2022-03-23T19:01:23", "description": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-03-25T00:29:00", "type": "cve", "title": "CVE-2019-10026", "cwe": ["CWE-369"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10026"], "modified": "2019-03-25T20:20:00", "cpe": ["cpe:/a:xpdfreader:xpdf:4.01.01"], "id": "CVE-2019-10026", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10026", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-01-21T20:34:59", "description": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function\nPostScriptFunction::exec in Function.cc for the psOpRoll case.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | xpdf in koffice is 2.0 \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | couldn't reproduce in poppler \n[ebarretto](<https://launchpad.net/~ebarretto>) | since 0.5.12-1 libextractor does not use xpdf anymore.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-03-25T00:00:00", "type": "ubuntucve", "title": "CVE-2019-10026", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10026"], "modified": "2019-03-25T00:00:00", "id": "UB:CVE-2019-10026", "href": "https://ubuntu.com/security/CVE-2019-10026", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-06T02:04:38", "description": "Xpdf is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-06-20T00:00:00", "type": "openvas", "title": "Xpdf <= 4.01.01 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12957", "CVE-2019-14292", "CVE-2019-10018", "CVE-2019-10022", "CVE-2019-12958", "CVE-2019-10023", "CVE-2019-14289", "CVE-2019-10026", "CVE-2019-14291", "CVE-2019-14288", "CVE-2019-10021", "CVE-2019-10020", "CVE-2019-10024", "CVE-2019-10025", "CVE-2019-14293", "CVE-2019-14294", "CVE-2019-14290", "CVE-2019-10019"], "modified": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310113413", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113413", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113413\");\n script_version(\"2020-04-30T09:48:45+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 09:48:45 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-20 10:52:47 +0000 (Thu, 20 Jun 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2019-10018\", \"CVE-2019-10019\", \"CVE-2019-10020\", \"CVE-2019-10021\", \"CVE-2019-10022\", \"CVE-2019-10023\",\n \"CVE-2019-10024\", \"CVE-2019-10025\", \"CVE-2019-10026\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-14288\",\n \"CVE-2019-14289\", \"CVE-2019-14290\", \"CVE-2019-14291\", \"CVE-2019-14292\", \"CVE-2019-14293\", \"CVE-2019-14294\");\n\n script_name(\"Xpdf <= 4.01.01 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_xpdf_detect.nasl\");\n script_mandatory_keys(\"Xpdf/Linux/Ver\");\n\n script_tag(name:\"summary\", value:\"Xpdf is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case\n\n - FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes\n\n - FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters\n\n - FPE in the function ImageStream::ImageStream at Stream.cc for nComps\n\n - NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc\n\n - FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case\n\n - FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters\n\n - FPE in the function ImageStream::ImageStream at Stream.cc for nBits\n\n - FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case\n\n - A buffer over-read could be triggered in FOFIType1C::convertToType1 in fofi/FoFiType1C.cc when\n the index number is larger than the charset array bounds. It can, for example, be triggered by\n sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted PDF file\n to cause a Denial of Service or an information leak, or possibly have unspecified other impact.\n\n - A heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when\n it is trying to access the second privateDicts array element, because the array has only one element allowed.\n\n - integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the 'one byte per line' case\n\n - integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the 'multiple bytes per line' case\n\n - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2\n\n - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3\n\n - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1\n\n - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2\n\n - use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc due to an out of bounds read\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to crash the application\n or access sensitive information.\");\n\n script_tag(name:\"affected\", value:\"Xpdf through version 4.01.01.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.02 or later.\");\n\n script_xref(name:\"URL\", value:\"https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273\");\n script_xref(name:\"URL\", value:\"https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274\");\n script_xref(name:\"URL\", value:\"https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275\");\n script_xref(name:\"URL\", value:\"https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276\");\n script_xref(name:\"URL\", value:\"https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813\");\n script_xref(name:\"URL\", value:\"https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:foolabs:xpdf\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less_equal( version: version, test_version: \"4.01.01\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.02\", install_path: location );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}