Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 687608 (CVE-2019-12515)

Summary: <app-text/xpdf-4.02: out-of-bounds read vulnerability in the function FlateStream::getChar() in Stream.cc (CVE-2019-12515)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: bircoph
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41837
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2019-06-08 01:29:35 UTC 
(https://nvd.nist.gov/vuln/detail/CVE-2019-12515):

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.

@security, note repository at:https://github.com/PanguL4b/pocs has 1 repo...no reference to upstream (at the moment).



Gentoo Security Padawan
(domhnall)
Comment 1 Andrew Savchenko gentoo-dev 2019-10-23 14:37:38 UTC 
Hi,

this bug is fixed in xpdf-4.02 which is now in the tree.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-02 16:20:36 UTC 
Affected package wasn't stable.

Repository is clean, all done.