CVE-2019-9878
First published: Thu Mar 21 2019(Updated: )
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pdfalto Project Pdfalto | =0.2 | |
| Xpdfreader Xpdf | =4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9878?
CVE-2019-9878 is a vulnerability in Xpdf 4.0.0 and pdfalto 0.2 that allows an attacker to cause a denial of service by triggering an invalid memory access in the GfxIndexedColorSpace::mapColorToBase() function.
What is the severity of CVE-2019-9878?
The severity of CVE-2019-9878 is high with a CVSS score of 7.8.
How can CVE-2019-9878 be triggered?
CVE-2019-9878 can be triggered by sending a crafted PDF file to the pdftops binary.
What is the affected software?
The affected software for CVE-2019-9878 is Xpdf 4.0.0 and pdfalto 0.2.
Is there a fix for CVE-2019-9878?
There may be updates or patches available for Xpdf 4.0.0 and pdfalto 0.2 to address CVE-2019-9878, it is recommended to check the vendor's website or official sources for more information.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/pdfalto project
- canonical/pdfalto project pdfalto
- version/pdfalto project pdfalto/0.2
- vendor/xpdfreader
- canonical/xpdfreader xpdf
- version/xpdfreader xpdf/4.0.0