CVE-2019-12360
Published: May 27, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801 (x_refsource_MISC)
[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update (mailing-list, x_refsource_MLIST)
FEDORA-2020-f34d97b1fd (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-de27bb80af (vendor-advisory, x_refsource_FEDORA)