Vulnerabilities > CVE-2019-9589 - NULL Pointer Dereference vulnerability in Glyphandcog Xpdfreader 4.01

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
glyphandcog
CWE-476

Summary

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Vulnerable Configurations

Part Description Count
Application
Glyphandcog
1

Common Weakness Enumeration (CWE)