Vulnerabilities > CVE-2019-16927 - Out-of-bounds Write vulnerability in Glyphandcog Xpdf 4.01.01

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

glyphandcog

CWE-787

nessus

NVD

Published: 2019-09-27

Updated: 2019-10-01

Summary

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.

Vulnerable Configurations

Part	Description	Count
Application	Glyphandcog Glyphandcog Xpdf 4.01.01	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_791E8F79E7D111E98B31206A8A720317.NASL
description	Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04. An invalid memory access vulnerability in TextPage::findGaps() in Xpdf 4.01 through a crafted PDF document can cause a segfault. An out of bounds write exists in TextPage::findGaps() of Xpdf 4.01.01
last seen	2020-06-01
modified	2020-06-02
plugin id	129661
published	2019-10-07
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129661
title	FreeBSD : Xpdf -- Multiple Vulnerabilities (791e8f79-e7d1-11e9-8b31-206a8a720317)

References

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885