PublicDateAtUSN: 2019-03-24 Candidate: CVE-2019-10023 PublicDate: 2019-03-25 00:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 https://ubuntu.com/security/notices/USN-4042-1 Description: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. Ubuntu-Description: Notes: jdstrand> xpdf in koffice is 2.0 pfsmorigo> since there is not public repository, just a tarball, I analised pfsmorigo> the file in question (Function.cc) with the affected version and pfsmorigo> they seems the same mdeslaur> same commit as CVE-2019-10018 Bugs: https://bugs.freedesktop.org/show_bug.cgi?id=101500 (poppler) Priority: low Discovered-by: Assigned-to: mdeslaur CVSS: nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM] Patches_xpdf: upstream_xpdf: needs-triage precise/esm_xpdf: DNE trusty_xpdf: ignored (reached end-of-life) trusty/esm_xpdf: DNE (trusty was needed) xenial_xpdf: ignored (end of standard support, was needed) bionic_xpdf: needed cosmic_xpdf: ignored (reached end-of-life) disco_xpdf: ignored (reached end-of-life) eoan_xpdf: ignored (reached end-of-life) focal_xpdf: DNE groovy_xpdf: DNE hirsute_xpdf: ignored (reached end-of-life) impish_xpdf: needed jammy_xpdf: needed devel_xpdf: needed Patches_poppler: upstream: https://cgit.freedesktop.org/poppler/poppler/commit/?id=e2ab2fa9d8c41e0115b2c276a2594cd2f7c217e6 upstream_poppler: needs-triage precise/esm_poppler: DNE trusty_poppler: ignored (reached end-of-life) trusty/esm_poppler: DNE (trusty was needed) xenial_poppler: released (0.41.0-0ubuntu1.14) esm-infra/xenial_poppler: released (0.41.0-0ubuntu1.14) bionic_poppler: not-affected (0.62.0-2ubuntu2.8) cosmic_poppler: not-affected (0.68.0-0ubuntu1.6) disco_poppler: not-affected (0.74.0-0ubuntu1.1) eoan_poppler: not-affected (0.76.1-0ubuntu3) focal_poppler: not-affected (0.76.1-0ubuntu3) groovy_poppler: not-affected (0.76.1-0ubuntu3) hirsute_poppler: not-affected (0.76.1-0ubuntu3) impish_poppler: not-affected (0.76.1-0ubuntu3) jammy_poppler: not-affected (0.76.1-0ubuntu3) devel_poppler: not-affected (0.76.1-0ubuntu3) Patches_libextractor: upstream_libextractor: needs-triage precise/esm_libextractor: DNE trusty_libextractor: not-affected (code not present) trusty/esm_libextractor: DNE (trusty was not-affected [code not present]) xenial_libextractor: not-affected (code not present) bionic_libextractor: not-affected (code not present) cosmic_libextractor: not-affected (code not present) disco_libextractor: not-affected (code not present) eoan_libextractor: not-affected (code not present) focal_libextractor: not-affected (code not present) groovy_libextractor: not-affected (code not present) hirsute_libextractor: not-affected (code not present) impish_libextractor: not-affected (code not present) jammy_libextractor: not-affected (code not present) devel_libextractor: not-affected (code not present) Patches_ipe: upstream_ipe: not-affected (code not present) precise/esm_ipe: DNE trusty_ipe: not-affected (code not present) trusty/esm_ipe: DNE (trusty was not-affected [code not present]) xenial_ipe: not-affected (code not present) bionic_ipe: not-affected (code not present) cosmic_ipe: not-affected (code not present) disco_ipe: not-affected (code not present) eoan_ipe: not-affected (code not present) focal_ipe: not-affected (code not present) groovy_ipe: not-affected (code not present) hirsute_ipe: not-affected (code not present) impish_ipe: not-affected (code not present) jammy_ipe: not-affected (code not present) devel_ipe: not-affected (code not present)