Stack-based Buffer Over-read Vulnerability in Xpdf 4.01.01

Stack-based Buffer Over-read Vulnerability in Xpdf 4.01.01

CVE-2019-12360 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:P

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

Learn more about our Web Application Penetration Testing UK.