CVE-2019-13283
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
En Xpdf versión 4.01.01, se podría desencadenar una lectura excesiva del búfer en la región heap de la memoria en la función strncpy desde FoFiType1::parse en fofi/FoFiType1.cc porque no garantiza que la cadena de origen tenga una longitud válida antes de realizar una copia de longitud fija. Por ejemplo, puede activarse enviando un documento PDF elaborado a la herramienta pdftotext. Permite a un atacante usar un archivo pdf creado para provocar la denegación de servicio o una fuga de información, o posiblemente tener otro impacto no especificado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-07-04 CVE Reserved
- 2019-07-04 CVE Published
- 2024-06-27 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843 | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 4.01.01 Search vendor "Glyphandcog" for product "Xpdfreader" and version "4.01.01" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
|