Vulnerability CVE-2019-9587: Information

Description

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.

Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: March 6, 2019
Modified: March 7, 2019
Error type identifier: CWE-400

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| xpdf | sisyphus | 4.05-alt1 | 4.05-alt1 | ALT-PU-2024-7465-3 | 347491 | Fixed |
| xpdf | sisyphus_e2k | 4.05-alt1 | 4.05-alt1 | ALT-PU-2024-7502-1 | - | Fixed |
| xpdf | sisyphus_riscv64 | 4.05-alt1 | 4.05-alt1 | ALT-PU-2024-7493-1 | - | Fixed |
| xpdf | sisyphus_loongarch64 | 4.05-alt1 | 4.05-alt1 | ALT-PU-2024-7487-1 | - | Fixed |
| xpdf | p10 | 4.05-alt1 | 4.04-alt1 | ALT-PU-2024-7467-2 | 347494 | Testing |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*