CVE-2019-9587
Summary
| CVE | CVE-2019-9587 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-06 08:29:00 UTC |
| Updated | 2019-03-06 23:09:00 UTC |
| Description | There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Glyphandcog | Xpdfreader | 4.01 | All | All | All |
| Application | Glyphandcog | Xpdfreader | 4.01 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Stack based buffer overflow vulnerability in function md5Round1( ) – xpdf-4.01 - forum.xpdfreader.com | MISC | forum.xpdfreader.com | Exploit, Third Party Advisory |
| CVE-2019-9587: Stack consumption issue in function md5Round1( ) - xpdf-4.01 - Loginsoft Research | MISC | research.loginsoft.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.