logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-12515

Description

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. #### Notes Author| Note ---|--- [jdstrand](<https://launchpad.net/~jdstrand>) | xpdf in koffice is 2.0 [mdeslaur](<https://launchpad.net/~mdeslaur>) | can't reproduce with poppler, no indication it is affected [ebarretto](<https://launchpad.net/~ebarretto>) | since 0.5.12-1 libextractor does not use xpdf anymore.


Affected Package


OS OS Version Package Name Package Version
ubuntu upstream ipe any
ubuntu upstream libextractor any
ubuntu upstream poppler any
ubuntu 22.04 xpdf any
ubuntu upstream xpdf any
ubuntu 16.04 xpdf any

Related