CVE-2019-17064 Information
Feb 14, 2021
cve
Description
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Reference
http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
5.5
Share on: