Back to search
CVE-2019-12493
Published: May 31, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806
x_refsource_MISC
[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update
mailing-list
x_refsource_MLIST
FEDORA-2019-a457286734
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-01da705767
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-759ba8202b
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now