NULL Pointer Dereference Vulnerability in Xpdf 4.01's PSOutputDev::setupResources() Function

NULL Pointer Dereference Vulnerability in Xpdf 4.01's PSOutputDev::setupResources() Function

CVE-2019-9589 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Learn more about our Web Application Penetration Testing UK.