Bug 687608 (CVE-2019-12515) - <app-text/xpdf-4.02: out-of-bounds read vulnerability in the function FlateStream::getChar() in Stream.cc (CVE-2019-12515)
Summary: <app-text/xpdf-4.02: out-of-bounds read vulnerability in the function FlateSt...
Status: RESOLVED FIXED
Alias: CVE-2019-12515
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://forum.xpdfreader.com/viewtopi...
Whiteboard: ~3 [noglsa]
Reported: 2019-06-08 01:29 UTC by D'juan McDonald (domhnall)
Modified: 2020-03-02 16:20 UTC
Description D'juan McDonald (domhnall) 2019-06-08 01:29:35 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-12515):

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.

@security, note repository at: https://github.com/PanguL4b/pocs has 1 repo... no reference to upstream (at the moment).



Gentoo Security Padawan
(domhnall)
Comment 1 Andrew Savchenko gentoo-dev 2019-10-23 14:37:38 UTC
Hi,

this bug is fixed in xpdf-4.02 which is now in the tree.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-02 16:20:36 UTC
Affected package wasn't stable.

Repository is clean, all done.