
CVE-2019-13281

Description

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.

#### Notes

Author | Note
---|---
[jdstrand](<https://launchpad.net/~jdstrand>) | xpdf in koffice is 2.0
[mdeslaur](<https://launchpad.net/~mdeslaur>) | poppler has additional checks and improved logic in the memory allocation function, reproducer doesn't work.
[ebarretto](<https://launchpad.net/~ebarretto>) | since 0.5.12-1 libextractor does not use xpdf anymore.


Affected Package


OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | upstream | ipe | any
ubuntu | upstream | libextractor | any
ubuntu | upstream | poppler | any
ubuntu | 22.04 | xpdf | any
ubuntu | 16.04 | xpdf | any
