Out-of-bounds Read The advisory has been revoked - it doesn't affect any version of package xpdf  (opens in a new tab)


Threat Intelligence

Exploit Maturity
Not Defined
EPSS
0.25% (65th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN10-XPDF-607459
  • published2 Jul 2019
  • disclosed25 Jun 2019

Introduced: 25 Jun 2019

CVE-2019-12957  (opens in a new tab)
CWE-125  (opens in a new tab)

Amendment

The Debian security team deemed this advisory irrelevant for Debian:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xpdf package and not the xpdf package as distributed by Debian.

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.