Vulnerabilities > CVE-2019-9589 - NULL Pointer Dereference vulnerability in Glyphandcog Xpdfreader 4.01

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Vulnerable Configurations

Part Description Count
Application
Glyphandcog
1

Common Weakness Enumeration (CWE)