CVE-2019-9878
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Hay un acceso inválido a la memoria en la función GfxIndexedColorSpace::mapColorToBase(), ubicada en GfxState.cc en Xpdf 4.0.0, tal y como se emplea en pdfalto 0.2. Esto puede desencadenarse, por ejemplo, mediante el envío de un archivo pdf manipulado al binario pdftops. Permite que un atacante provoque una denegación de servicio (fallo de segmentación) o, posiblemente, otro impacto sin especificar.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-19 CVE Reserved
- 2019-03-19 CVE Published
- 2023-12-18 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/kermitt2/pdfalto/issues/46 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pdfalto Project Search vendor "Pdfalto Project" | Pdfalto Search vendor "Pdfalto Project" for product "Pdfalto" | 0.2 Search vendor "Pdfalto Project" for product "Pdfalto" and version "0.2" | - |
Affected
| ||||||
Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | 4.0.0 Search vendor "Xpdfreader" for product "Xpdf" and version "4.0.0" | - |
Affected
|