CVE-2019-16115: High severity Glyph & Cog Xpdf (xpdfreader) vulnerability
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
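The following C program is an added illustration of the bug class named in the description (a fixed-count copy out of a caller-supplied stack buffer that is shorter than the count) beside a bounds-checked form of the same transform. It is constructed for this page and is not Xpdf's code; the names pdf_function, n_inputs, n_outputs, FUNC_MAX_OUTPUTS, identity_transform_unchecked, identity_transform_checked and axial_get_color_checked, and the specific values used, are assumptions for the illustration, not Xpdf's internals.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the CVE-2019-16115 bug class, written for this page;
 * it is not Xpdf's code. All names below are assumptions for the
 * illustration. A PDF function object declares how many inputs (Domain) and
 * outputs (Range) it has; an identity function copies inputs to outputs 1:1.
 */
#define FUNC_MAX_OUTPUTS 32   /* assumed fixed upper bound on outputs */

struct pdf_function {
    int n_inputs;    /* number of inputs declared by the function's Domain */
    int n_outputs;   /* number of outputs declared by the function's Range */
};

/*
 * Vulnerable pattern: copy FUNC_MAX_OUTPUTS values without knowing how many
 * the caller actually supplied. A caller that passes the address of a single
 * stack variable (one shading parameter) makes this loop read 31 doubles
 * beyond it: a stack-based out-of-bounds read of the kind described above.
 */
static void identity_transform_unchecked(const double *in, double *out)
{
    for (int i = 0; i < FUNC_MAX_OUTPUTS; ++i)
        out[i] = in[i];   /* out-of-bounds read when in[] holds fewer than 32 */
}

/*
 * Hardened form: the copy is bounded by the declared input count, which must
 * itself fit the buffer the caller supplied; remaining outputs are zeroed.
 * Returns the number of outputs written, or -1 if the shapes do not fit.
 */
static int identity_transform_checked(const struct pdf_function *f,
                                      const double *in, size_t in_len,
                                      double *out, size_t out_len)
{
    if (f->n_inputs < 1 || f->n_inputs > FUNC_MAX_OUTPUTS) return -1;
    if (f->n_outputs < 1 || f->n_outputs > FUNC_MAX_OUTPUTS) return -1;
    if ((size_t)f->n_inputs > in_len) return -1;    /* fewer inputs than declared */
    if ((size_t)f->n_outputs > out_len) return -1;  /* output buffer too small */

    size_t ncopy = (size_t)(f->n_outputs < f->n_inputs ? f->n_outputs
                                                       : f->n_inputs);
    memcpy(out, in, ncopy * sizeof *out);
    for (size_t i = ncopy; i < (size_t)f->n_outputs; ++i)
        out[i] = 0.0;
    return f->n_outputs;
}

/*
 * Checked version of the shading caller: an axial shading evaluates its
 * function at one parameter t, so exactly one input is passed and the
 * transform is told so (in_len == 1) instead of being left to assume 32.
 */
static int axial_get_color_checked(const struct pdf_function *f, double t,
                                   double *out, size_t out_len)
{
    return identity_transform_checked(f, &t, 1, out, out_len);
}

/* A crafted function whose Domain declares 32 inputs while the shading
 * supplies one: the checked path refuses it instead of reading past t. */
static int demo_oversized_domain_rejected(void)
{
    struct pdf_function crafted = { FUNC_MAX_OUTPUTS, 3 };
    double rgb[3];
    return axial_get_color_checked(&crafted, 0.5, rgb, 3);
}

/* A well-formed one-input, three-output identity function: component 0 is t,
 * components 1 and 2 are zero-filled. Returns component `ch`, or -1 on error. */
static double demo_color_component(double t, int ch)
{
    struct pdf_function ok = { 1, 3 };
    double rgb[3] = { -1.0, -1.0, -1.0 };
    if (ch < 0 || ch > 2) return -1.0;
    if (axial_get_color_checked(&ok, t, rgb, 3) != 3) return -1.0;
    return rgb[ch];
}

int main(void)
{
    /* The unchecked transform is only safe when the caller really owns 32
     * inputs; a shading caller with a single parameter never does. */
    double in[FUNC_MAX_OUTPUTS] = { 0.25 }, out[FUNC_MAX_OUTPUTS];
    identity_transform_unchecked(in, out);
    printf("unchecked, full-size buffers: out[0] = %g\n", out[0]);

    printf("crafted 32-input domain via checked path: %d (expect -1)\n",
           demo_oversized_domain_rejected());
    printf("checked colour at t=0.5: %g %g %g\n",
           demo_color_component(0.5, 0), demo_color_component(0.5, 1),
           demo_color_component(0.5, 2));
    return 0;
}
```

The practical check this models is the one a reviewer would make on any transform that loops to a compile-time maximum: the callee must be given, or able to derive, the true length of the caller's buffer. Running the affected tool under AddressSanitizer (for example an ASan build of pdftoppm over a PDF corpus) is the quickest way to surface reads of this kind, since an under-read of stack memory often does not crash on its own.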
Frequently Asked Questions
What is the severity of CVE-2019-16115?
The severity of CVE-2019-16115 is rated high, with a CVSS v3 base score of 7.8.
How does CVE-2019-16115 affect Xpdf 4.01.01?
Xpdf 4.01.01 contains a stack-based buffer under-read in IdentityFunction::transform (Function.cc), which is reached through GfxAxialShading::getColor when an axial shading in the document is rendered.
How can CVE-2019-16115 be triggered?
CVE-2019-16115 can be triggered by processing a crafted PDF document with an affected Xpdf build; the advisory gives the pdftoppm tool as one example of a trigger path.
What can an attacker do with CVE-2019-16115?
An attacker can use a crafted PDF file to cause a denial of service (crashing the tool that renders the file) or possibly an unspecified other impact; the advisory does not establish that the under-read leads to code execution.
Is there a fix available for CVE-2019-16115?
Yes. Xpdf 4.01.01 is the affected version; upgrading to a later Xpdf release (4.02 or later) is recommended.