Multiple vulnerabilities in Xpdf

Published: 2019-03-25 | Updated: 2019-07-29

Risk	High
Patch available	NO
Number of vulnerabilities	21
CVE-ID	CVE-2019-10018 CVE-2019-12360 CVE-2019-12493 CVE-2019-14293 CVE-2019-12515 CVE-2019-12958 CVE-2019-12957 CVE-2019-13283 CVE-2019-13282 CVE-2019-13281 CVE-2019-13291 CVE-2019-13289 CVE-2019-13288 CVE-2019-13287 CVE-2019-13286 CVE-2019-14292 CVE-2019-14291 CVE-2019-14290 CVE-2019-14289 CVE-2019-14288 CVE-2019-14294
CWE-ID	CWE-399 CWE-125 CWE-122 CWE-416 CWE-835 CWE-190
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #15 is available. Public exploit code for vulnerability #16 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #18 is available. Public exploit code for vulnerability #19 is available. Public exploit code for vulnerability #20 is available. Public exploit code for vulnerability #21 is available.
Vulnerable software	xpdf Client/Desktop applications / Office applications
Vendor	Glyph & Cog

Security Bulletin

This security bulletin contains information about 21 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU19558

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-10018

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a floating point exception within the PostScriptFunction::exec() function in Function.cc for the psOpIdiv case. A remote attacker can create a specially crafted PDF file, pass it to the application and perform denial of service attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276
https://usn.ubuntu.com/4042-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Out-of-bounds read

EUVDB-ID: #VU19556

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-12360

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the FoFiTrueType::dumpString() function in fofi/FoFiTrueType.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger stack-based out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801
https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Out-of-bounds read

EUVDB-ID: #VU19555

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-12493

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the PostScriptFunction::transform() function in Function.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger stack-based out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Out-of-bounds read

EUVDB-ID: #VU19548

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-14293

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the GfxPatchMeshShading::parse() function in GfxState.cc for typeA!=6 case 2. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Out-of-bounds read

EUVDB-ID: #VU19547

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-12515

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the function FlateStream::getChar() located at Stream.cc. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Out-of-bounds read

EUVDB-ID: #VU19546

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-12958

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the FoFiType1C::convertToType0() function in fofi/FoFiType1C.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Out-of-bounds read

EUVDB-ID: #VU19545

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-12957

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the FoFiType1C::convertToType1() function in fofi/FoFiType1C.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Out-of-bounds read

EUVDB-ID: #VU19543

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13283

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the FoFiType1::parse() function in fofi/FoFiType1.cc, when processing PDF files. A remote attacker can perform a denial of service attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Out-of-bounds read

EUVDB-ID: #VU19542

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13282

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the SampledFunction::transform() function in Function.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Heap-based buffer overflow

EUVDB-ID: #VU19541

Risk: High

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-13281

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the DCTStream::decodeImage() function in Stream.cc. A remote attacker can create a specially crafted PDF file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Out-of-bounds read

EUVDB-ID: #VU19540

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13291

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function DCTStream::readScan() in Stream.cc. A remote attacker can perform a denial of service attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41818

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Use-after-free

EUVDB-ID: #VU19539

Risk: High

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-13289

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the JBIG2Stream::close() function in JBIG2Stream.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-use-after-free_JBIG2Stream

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) Infinite loop

EUVDB-ID: #VU19538

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13288

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the Parser::getObj() function in Parser.cc when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Out-of-bounds read

EUVDB-ID: #VU19537

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13287

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the function SplashXPath::strokeAdjust() in splash/SplashXPath.cc. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-SplashXPath__strokeAdjust

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Out-of-bounds read

EUVDB-ID: #VU19536

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13286

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. A remote attacker can perform a denial of service attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Out-of-bounds read

EUVDB-ID: #VU19535

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-14292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the GfxPatchMeshShading::parse function in GfxState.cc for typeA!=6 case 1. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Out-of-bounds read

EUVDB-ID: #VU19534

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-14291

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the GfxPatchMeshShading::parse function in GfxState.cc for typeA==6 case 3. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Out-of-bounds read

EUVDB-ID: #VU19533

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-14290

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the GfxPatchMeshShading::parse function in GfxState.cc for typeA==6 case 2. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Integer overflow

EUVDB-ID: #VU19531

Risk: High

CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-14289

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the JBIG2Bitmap::combine in JBIG2Stream.cc for the "multiple bytes per line" case. A remote attacker can create a specially crafted PDF file, pass it to the affected application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) Integer overflow

EUVDB-ID: #VU19530

Risk: High

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-14288

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the JBIG2Bitmap::combine in JBIG2Stream.cc for the "one byte per line" case. A remote attacker can create a specially crafted PDF file, pass it to the affected application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

21) Out-of-bounds read

EUVDB-ID: #VU19529

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-14294

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing PDF files within the JPXStream::fillReadBuf() function in JPXStream.cc. A remote attacker can create a specially crafted PDF file, pass it to the affected application, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

xpdf: 4.01.01

CPE2.3

cpe:2.3:a:glyph_and_cog:xpdf:4.01.01:*:*:*:*:*:*:*

External links

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851
https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.