(https://nvd.nist.gov/vuln/detail/CVE-2019-12515): There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. @security, note repository at: https://github.com/PanguL4b/pocs has 1 repo... no reference to upstream (at the moment). Gentoo Security Padawan (domhnall)
Hi, this bug is fixed in xpdf-4.02 which is now in the tree.
Affected package wasn't stable. Repository is clean, all done.