CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13291
https://notcve.org/view.php?id=CVE-2019-13291
04 Jul 2019 — In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. En Xpdf versión 4.01.01, se presenta una lectura excesiva del búfer en la región heap de la memoria en la función DCTStream::readScan() ubicada en el archivo Stream.cc. Por ejemplo, puede ser activada enviando un documento PDF creado a la herramie... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41818 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13289
https://notcve.org/view.php?id=CVE-2019-13289
04 Jul 2019 — In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. En Xpdf versión 4.01.01, presenta una vulnerabilidad de uso de la memoria previamente liberada en la función JBIG2Stream::close() ubicada en el archivo JBIG2Stream.cc. Por ejemplo, puede ser activada enviando un documento PDF creado hacia la herramienta pdftoppm. • https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream • CWE-416: Use After Free •
CVSS: 5.5EPSS: 3%CPEs: 1EXPL: 4CVE-2019-13288
https://notcve.org/view.php?id=CVE-2019-13288
04 Jul 2019 — In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. En Xpdf versión 4.01.01, la función Parser::getObj() en el archivo Parser.cc puede causar una recursión infinita por medio de un archivo creado. Un atacante remoto puede aprovechar esto para un ataque de DoS. • https://github.com/Fineas/CVE-2019-13288-POC • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13287
https://notcve.org/view.php?id=CVE-2019-13287
04 Jul 2019 — In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. En Xpdf versión 4.01.01, presenta una vulnerabilidad de lectura fuera de límites en la función SplashXPath::strokeAdjust() ubicada en el archivo splash/SplashXPath.cc. • https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13286
https://notcve.org/view.php?id=CVE-2019-13286
04 Jul 2019 — In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. En Xpdf versión 4.01.01, presenta una lectura excesiva del búfer en la región heap de la memoria en la función JBIG2Stream::readTextRegionSeg() ubicada en el archivo JBIG2Stream.cc. Por ejemplo, puede ser activada enviando un docu... • https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13283
https://notcve.org/view.php?id=CVE-2019-13283
04 Jul 2019 — In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. En Xpdf versión 4.01.01, se podría desencadenar una lectura ... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13282
https://notcve.org/view.php?id=CVE-2019-13282
04 Jul 2019 — In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. In Xpdf versión 4.01.01, se podría desencadenar una lectura excesiva del búfer en la región heap de la memoria en la función en Sa... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-13281
https://notcve.org/view.php?id=CVE-2019-13281
04 Jul 2019 — In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. En Xpdf versión 4.01.01, se podría desencadenar una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en DCTStream::decod... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12958
https://notcve.org/view.php?id=CVE-2019-12958
24 Jun 2019 — In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. En Xpdf versión 4.01.01, se podría desencadenar una lectura excesiva del búfer en la región heap de la memoria en la función FoFiType1C::convertToType0 en el archivo fofi/FoFiType1C.cc cuando se intenta acceder al segundo elemento de la matriz privateDicts, debido... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-12957
https://notcve.org/view.php?id=CVE-2019-12957
24 Jun 2019 — In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. En Xpdf versión 4.01.01, una lectura excesiva del búfer podría activarse en la función FoFiType1C::convertToTyp... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •