Fluid Attacks Database

Description

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	poppler	>=0 <0.22.5-4	0.22.5-4
debian 14	poppler	>=0 <0.22.5-4	0.22.5-4
debian 13	poppler	>=0 <0.22.5-4	0.22.5-4
debian 11	poppler	>=0 <0.22.5-4	0.22.5-4

Aliases

1. CVE-2019-129572. NVD-2019-129573. OSV-DEBIAN-2019-129574. OSV-2019-129575. SECURITY-TRACKER-CVE-2019-12957

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.