Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2019-13283
HistoryJul 04, 2019 - 12:00 a.m.

CVE-2019-13283

2019-07-0400:00:00
ubuntu.com
ubuntu.com
18

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.8%

JSON

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in
strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not
ensure the source string has a valid length before making a fixed-length
copy. It can, for example, be triggered by sending a crafted PDF document
to the pdftotext tool. It allows an attacker to use a crafted pdf file to
cause Denial of Service or an information leak, or possibly have
unspecified other impact.

Notes

Author Note
jdstrand xpdf in koffice is 2.0
ebarretto since 0.5.12-1 libextractor does not use xpdf anymore. xpdf in Debian uses poppler, which is not affected or fixed
OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchpoppler< 0.41.0-0ubuntu1.15UNKNOWN

Related

debiancve 1
prion 1
nessus 7
nvd 1
cvelist 1
cve 1
openvas 6
osv 1
ubuntu 1
fedora 3
debiancve
debiancve
CVE-2019-13283
2019-07-04 20:15:10
prion
prion
Heap overflow
2019-07-04 20:15:00
nessus
nessus
SUSE SLES12 Security Update : poppler (SUSE-SU-2023:0496-1)
2023-02-24 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2023:0480-1)
2023-02-23 00:00:00
SUSE SLES12 Security Update : poppler (SUSE-SU-2023:0494-1)
2023-02-24 00:00:00
nvd
nvd
CVE-2019-13283
2019-07-04 20:15:10
cvelist
cvelist
CVE-2019-13283
2019-07-04 19:48:23
cve
cve
CVE-2019-13283
2019-07-04 20:15:10
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:0494-1)
2023-03-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0480-1)
2023-03-28 00:00:00
Ubuntu: Security Advisory (USN-4646-1)
2020-11-26 00:00:00
osv
osv
poppler vulnerabilities
2020-11-25 18:03:42
ubuntu
ubuntu
poppler vulnerabilities
2020-11-25 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: xpdf-4.02-1.fc30
2019-10-25 17:04:25
[SECURITY] Fedora 31 Update: xpdf-4.02-1.fc31
2019-10-26 17:37:03
[SECURITY] Fedora 29 Update: xpdf-4.02-1.fc29
2019-10-25 18:09:53

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.8%

JSON
Related for UB:CVE-2019-13283
debiancve1prion1nessus7nvd1cvelist1cve1openvas6osv1ubuntu1fedora3