ASA-201910-10 log original external raw
[ASA-201910-10] xpdf: arbitrary code execution |
---|
Arch Linux Security Advisory ASA-201910-10
==========================================
Severity: Medium
Date : 2019-10-16
CVE-ID : CVE-2019-16927
Package : xpdf
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1048
Summary
=======
The package xpdf before version 4.02-1 is vulnerable to arbitrary code
execution.
Resolution
==========
Upgrade to 4.02-1.
# pacman -Syu "xpdf>=4.02-1"
The problem has been fixed upstream in version 4.02.
Workaround
==========
None.
Description
===========
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the
TextPage::findGaps function in TextOutputDev.cc, a different
vulnerability than CVE-2019-9877.
Impact
======
A local attacker is able to execute arbitrary code via a specially
crafted PDF document.
References
==========
https://bugs.archlinux.org/task/63980
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
https://security.archlinux.org/CVE-2019-16927
|