CVE-2019-9587
First published: Wed Mar 06 2019(Updated: )
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Glyph & Cog XpdfReader | =4.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-9587?
CVE-2019-9587 has a severity rating that could lead to Denial of Service due to stack consumption issues.
How do I fix CVE-2019-9587?
To fix CVE-2019-9587, upgrade to the latest version of XpdfReader that addresses this vulnerability.
What does CVE-2019-9587 affect?
CVE-2019-9587 affects XpdfReader version 4.01, particularly its md5Round1() function.
What type of vulnerability is CVE-2019-9587?
CVE-2019-9587 is a stack consumption vulnerability that can lead to a segmentation fault.
How can an attacker exploit CVE-2019-9587?
An attacker can exploit CVE-2019-9587 by sending a crafted PDF file to the pdfimages binary.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/glyphandcog
- canonical/glyph & cog xpdfreader
- version/glyph & cog xpdfreader/4.01