FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Xpdf -- Multiple Vulnerabilities

Affected packages
xpdf < 4.02,1
xpdf4 < 4.02,1
xpdf3 < 3.04_11

Details

VuXML ID 791e8f79-e7d1-11e9-8b31-206a8a720317
Discovery 2019-10-01
Entry 2019-10-06

Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04.

An invalid memory access vulnerability in TextPage::findGaps() in Xpdf 4.01 through a crafted PDF document can cause a segfault.

[source]

An out of bounds write exists in TextPage::findGaps() of Xpdf 4.01.01

[source]

References

URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1692
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877
URL https://nvd.nist.gov/vuln/detail/CVE-2019-16927
URL https://nvd.nist.gov/vuln/detail/CVE-2019-9877

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.

OSZAR »