Vulnerabilities > CVE-2019-9877 - Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.0.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | FreeBSD Local Security Checks |
| NASL id | FREEBSD_PKG_791E8F79E7D111E98B31206A8A720317.NASL |
| description | Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04. An invalid memory access vulnerability in TextPage::findGaps() in Xpdf 4.01 through a crafted PDF document can cause a segfault. An out of bounds write exists in TextPage::findGaps() of Xpdf 4.01.01 |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 129661 |
| published | 2019-10-07 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/129661 |
| title | FreeBSD : Xpdf -- Multiple Vulnerabilities (791e8f79-e7d1-11e9-8b31-206a8a720317) |