A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
From upstream: "GfxSeparationColorSpace (and also GfxDeviceNColorSpace) were not checking that the tint transform functions had the correct number of inputs (and outputs). That will be fixed in the next release."
Gentoo Security Padawan
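The check upstream describes (a tint transform's input and output counts must match the color space before it is evaluated), sketched as an added C++ example. This is not Xpdf's code: `TintFn`, `tintArityOk`, `toAlternate`, `makeSummingFn` and the `kMaxComps` cap are hypothetical names and values chosen for illustration.

```cpp
#include <cstddef>
#include <functional>
#include <vector>

constexpr std::size_t kMaxComps = 32;  // assumed cap on color components

// Stand-in for a parsed PDF function: its declared arity plus an evaluator
// that reads exactly `inputs` values and writes exactly `outputs` values.
struct TintFn {
    std::size_t inputs;
    std::size_t outputs;
    std::function<void(const double*, double*)> eval;
};

// A Separation space has 1 colorant, a DeviceN space has one per name; the
// tint transform must take that many inputs and yield one output per
// component of the alternate space.
bool tintArityOk(const TintFn& fn, std::size_t colorants, std::size_t altComps) {
    return colorants >= 1 && colorants <= kMaxComps &&
           altComps >= 1 && altComps <= kMaxComps &&
           fn.inputs == colorants && fn.outputs == altComps;
}

// Converts one color to the alternate space. A mismatched function is
// rejected up front, so eval() never reads past `in` or writes past `out`.
bool toAlternate(const TintFn& fn, const std::vector<double>& in,
                 std::size_t altComps, std::vector<double>& out) {
    if (!tintArityOk(fn, in.size(), altComps)) return false;
    out.assign(altComps, 0.0);
    fn.eval(in.data(), out.data());
    return true;
}

// Constructed sample function: sums its declared inputs into every output.
TintFn makeSummingFn(std::size_t inputs, std::size_t outputs) {
    return TintFn{inputs, outputs,
                  [inputs, outputs](const double* in, double* out) {
                      double s = 0.0;
                      for (std::size_t i = 0; i < inputs; ++i) s += in[i];
                      for (std::size_t j = 0; j < outputs; ++j) out[j] = s;
                  }};
}
```

Without the arity check, a function declaring four inputs would be evaluated against the single-component buffer a Separation space supplies, which is the kind of mismatch the upstream comment refers to.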
This bug is fixed in xpdf-4.02, which is now in the tree.
Thank you all for your work.
Closing as [noglsa].
Security team, should this bug be closed as resolved?
Upstream confirms that it is fixed:
* CVE-2019-12493: fixed in 4.02 [GfxState.cc]
(In reply to Andrew Savchenko from comment #3)
> Security team, should this bug be closed as resolved?
> Upstream confirms that it is fixed:
> * CVE-2019-12493: fixed in 4.02 [GfxState.cc]
Yep, sorry! Closing.