Home

CVE-2019-13283

Description

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.421

Associated Vulnerability

VulnerabilityOS Platform
PDF rendering library (USN-4646-1) libpoppler58_0.41.0-0ubuntu1.15_i386.debLinux
PDF rendering library (USN-4646-1) libpoppler58_0.41.0-0ubuntu1.15_amd64.debLinux
PDF rendering library (USN-4646-1) libpoppler73_0.62.0-2ubuntu2.11_i386.debLinux
PDF rendering library (USN-4646-1) libpoppler73_0.62.0-2ubuntu2.11_amd64.debLinux
PDF rendering library (USN-4646-1) poppler-utils_0.41.0-0ubuntu1.15_i386.debLinux
PDF rendering library (USN-4646-1) poppler-utils_0.41.0-0ubuntu1.15_amd64.debLinux
PDF rendering library (USN-4646-1) poppler-utils_0.62.0-2ubuntu2.11_i386.debLinux
PDF rendering library (USN-4646-1) poppler-utils_0.62.0-2ubuntu2.11_amd64.debLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) libpoppler-glib8-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) libpoppler-glib8-debuginfo-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) libpoppler-qt4-4-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) libpoppler-qt4-4-debuginfo-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) libpoppler60-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) libpoppler60-debuginfo-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) poppler-debugsource-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) poppler-tools-0.43.0-16.22.1.x86_64.rpmLinux
SUSE-SU-2023:0494-1(SUSE Linux Enterprise Server 12 SP5 ) poppler-tools-debuginfo-0.43.0-16.22.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234