Vulnerability Details

Xpdf <= 4.02 Denial of Service (DoS) Vulnerability

Published: 2019-10-02 11:26:33
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Detection Type:
Executable Unreliable

Solution Type:
None Available

Summary:
Xpdf is prone to a denial of service (DoS) vulnerability.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
There is a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

Impact:
Successful exploitation would allow an attacker to crash the application.

Affected Versions:
Xpdf through version 4.02.

Recommendations:
No known solution is available as of 02nd October, 2019. Information regarding this issue will be updated once solution details are available.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-17064

References:

https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890

Severity
Low
CVSS Score
2.1
Published
2019-10-02
Modified
2019-10-02
Category
Denial of Service

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.