Test Kennung:	1.3.6.1.4.1.25623.1.0.113413
Kategorie:	Denial of Service
Titel:	Xpdf <= 4.01.01 Multiple Vulnerabilities
Zusammenfassung:	Xpdf is prone to multiple vulnerabilities.
Beschreibung:	Summary: Xpdf is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case - FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes - FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters - FPE in the function ImageStream::ImageStream at Stream.cc for nComps - NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc - FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case - FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters - FPE in the function ImageStream::ImageStream at Stream.cc for nBits - FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case - A buffer over-read could be triggered in FOFIType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted PDF file to cause a Denial of Service or an information leak, or possibly have unspecified other impact. - A heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the array has only one element allowed. - integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the 'one byte per line' case - integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the 'multiple bytes per line' case - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2 - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3 - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1 - out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2 - use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc due to an out of bounds read Vulnerability Impact: Successful exploitation would allow an attacker to crash the application or access sensitive information. Affected Software/OS: Xpdf through version 4.01.01. Solution: Update to version 4.02 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10018 Common Vulnerability Exposure (CVE) ID: CVE-2019-10019 Common Vulnerability Exposure (CVE) ID: CVE-2019-10020 Common Vulnerability Exposure (CVE) ID: CVE-2019-10021 Common Vulnerability Exposure (CVE) ID: CVE-2019-10022 Common Vulnerability Exposure (CVE) ID: CVE-2019-10023 Common Vulnerability Exposure (CVE) ID: CVE-2019-10024 Common Vulnerability Exposure (CVE) ID: CVE-2019-10025 Common Vulnerability Exposure (CVE) ID: CVE-2019-10026 Common Vulnerability Exposure (CVE) ID: CVE-2019-12957 Common Vulnerability Exposure (CVE) ID: CVE-2019-12958 Common Vulnerability Exposure (CVE) ID: CVE-2019-14288 Common Vulnerability Exposure (CVE) ID: CVE-2019-14289 Common Vulnerability Exposure (CVE) ID: CVE-2019-14290 Common Vulnerability Exposure (CVE) ID: CVE-2019-14291 Common Vulnerability Exposure (CVE) ID: CVE-2019-14292 Common Vulnerability Exposure (CVE) ID: CVE-2019-14293 Common Vulnerability Exposure (CVE) ID: CVE-2019-14294
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.