Xpdf buffer overflow vulnerability (CNVD-2019-31202)

Xpdf is an open source PDF reader from Foo Labs. The product supports decoding LZW compressed format files and read encrypted PDF files. A buffer overflow vulnerability exists in the IdentityFunction::transform of the Function.cc file in Xpdf version 4.01.01, which can be exploited by an attacker...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

Stack overflow

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

CVE-2019-16115

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause...

PT-2019-14519 · Foolabs +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: A stack-based buffer under-read issue exists in the IdentityFunction::transform function in Function.cc, which is used by GfxAxialShading::getColor. This issue can be triggered by sending a crafted PDF docume...

poppler/pdf_fuzzer: Stack-buffer-overflow in IdentityFunction::transform

Detailed report: https://oss-fuzz.com/testcase?key=5728547742679040 Project: poppler Fuzzer: aflpopplerpdffuzzer Fuzz target binary: pdffuzzer Job Type: aflasanpoppler Platform Id: linux Crash Type: Stack-buffer-overflow READ 8 Crash Address: 0x7f65b2f91028 Crash State: IdentityFunction::transfor...