Lucene search

[email protected]CVE-2019-9199

HistoryFeb 26, 2019 - 11:29 p.m.

CVE-2019-9199

2019-02-2623:29:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2019-9199

podofo

impose

pdftranslator

setsource

pdftranslator.cpp

denial of service

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Affected configurations

NVD

Node

podofo_projectpodofoMatch0.9.6

Node

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

CPENameOperatorVersion
podofo_project:podofopodofo project podofoeq0.9.6

CPE	Name	Operator	Version
podofo_project:podofo	podofo project podofo	eq	0.9.6

References

github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9

github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/

research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/

sourceforge.net/p/podofo/tickets/40/

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2019-9199

veracode1 osv1 prion1 nvd1 alpinelinux1 debiancve1 redhatcve1 ubuntucve1 cvelist1 fedora4 nessus3 openvas3 mageia1 archlinux1