logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-12958

Description

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. #### Notes Author| Note ---|--- [jdstrand](<https://launchpad.net/~jdstrand>) | xpdf in koffice is 2.0 [mdeslaur](<https://launchpad.net/~mdeslaur>) | looks like CVE-2017-14976 in poppler [ebarretto](<https://launchpad.net/~ebarretto>) | since 0.5.12-1 libextractor does not use xpdf anymore.


Affected Package


OS OS Version Package Name Package Version
ubuntu upstream ipe any
ubuntu upstream libextractor any
ubuntu 18.10 poppler 0.57.0-2ubuntu4
ubuntu 19.04 poppler 0.57.0-2ubuntu4
ubuntu 19.10 poppler 0.57.0-2ubuntu4
ubuntu 20.04 poppler 0.57.0-2ubuntu4
ubuntu 20.10 poppler 0.57.0-2ubuntu4
ubuntu 21.04 poppler 0.57.0-2ubuntu4
ubuntu 21.10 poppler 0.57.0-2ubuntu4
ubuntu 22.04 poppler 0.57.0-2ubuntu4
ubuntu upstream poppler any
ubuntu 16.04 poppler 0.41.0-0ubuntu1.6
ubuntu 22.04 xpdf any
ubuntu upstream xpdf any
ubuntu 16.04 xpdf any

Related