First published: Mon Jun 24 2019
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Glyphandcog Xpdfreader | =4.01.01 | |
The vulnerability ID is CVE-2019-12958.
The severity of CVE-2019-12958 is medium with a severity value of 5.5.
CVE-2019-12958 can be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when trying to access the second privateDicts array element.
Xpdf 4.01.01 is affected by CVE-2019-12958.
Yes, a fix is available for CVE-2019-12958. It is recommended to update to a version that includes the fix.