Bug 1850876 (CVE-2019-12360) - CVE-2019-12360 xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak
Keywords:
Status: NEW
Alias: CVE-2019-12360
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1850877 1850879 1850880 1850881 1850904 1850905
Blocks: 1850878
 
Reported: 2020-06-25 05:36 UTC by msiddiqu
Modified: 2024-03-20 10:32 UTC

Fixed In Version: poppler 0.32.0
Doc Type: If docs needed, set a value
Doc Text:
A stack-based buffer over-read flaw was found in the FoFiTrueType::dumpString function in fofi/FoFiTrueType.cc in Xpdf. It can be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. This flaw allows an attacker to cause a denial of service or to leak memory data into dump content. The highest threat from this vulnerability is to confidentiality and system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description msiddiqu 2020-06-25 05:36:25 UTC
A stack-based buffer over-read exists in FoFiTrueType::dumpString in
fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by
sending crafted TrueType data in a PDF document to the pdftops tool. It might
allow an attacker to cause Denial of Service or leak memory data into dump
content.

References:

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801
https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html

Comment 1 msiddiqu 2020-06-25 05:39:29 UTC
Created mingw-poppler tracking bugs for this issue:

Affects: fedora-all [bug 1850881]


Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 1850880]


Created xpdf tracking bugs for this issue:

Affects: epel-all [bug 1850879]
Affects: fedora-all [bug 1850877]

