Xpdf buffer overflow vulnerability (CNVD-2019-31202)

Xpdf is an open source PDF reader from Foo Labs. The product supports decoding LZW compressed format files and read encrypted PDF files. A buffer overflow vulnerability exists in the IdentityFunction::transform of the Function.cc file in Xpdf version 4.01.01, which can be exploited by an attacker...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

PT-2019-14519 · Foolabs +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: A stack-based buffer under-read issue exists in the IdentityFunction::transform function in Function.cc, which is used by GfxAxialShading::getColor. This issue can be triggered by sending a crafted PDF docume...