FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Xpdf -- Multiple Vulnerabilities

Affected packages
xpdf < 4.02,1
xpdf4 < 4.02,1
xpdf3 < 3.04_11

Details

VuXML ID 791e8f79-e7d1-11e9-8b31-206a8a720317
Discovery 2019-10-01
Entry 2019-10-06

Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04.

An invalid memory access vulnerability in TextPage::findGaps() in Xpdf 4.01 through a crafted PDF document can cause a segfault.

[source]

An out of bounds write exists in TextPage::findGaps() of Xpdf 4.01.01

[source]

References

URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1692
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877
URL https://nvd.nist.gov/vuln/detail/CVE-2019-16927
URL https://nvd.nist.gov/vuln/detail/CVE-2019-9877

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.