Candidate: CVE-2019-9199
PublicDate: 2019-02-26 23:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9199
 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/
 https://sourceforge.net/p/podofo/tickets/40/
Description:
 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo
 0.9.6 has a NULL pointer dereference that can (for example) be triggered by
 sending a crafted PDF file to the podofoimpose binary. It allows an
 attacker to cause Denial of Service (Segmentation fault) or possibly have
 unspecified other impact.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libpodofo:
upstream_libpodofo: needs-triage
precise/esm_libpodofo: DNE
trusty_libpodofo: ignored (reached end-of-life)
trusty/esm_libpodofo: DNE (trusty was needs-triage)
xenial_libpodofo: ignored (end of standard support, was needs-triage)
bionic_libpodofo: needs-triage
cosmic_libpodofo: ignored (reached end-of-life)
disco_libpodofo: ignored (reached end-of-life)
eoan_libpodofo: not-affected (0.9.6+dfsg-5)
focal_libpodofo: not-affected (0.9.6+dfsg-5)
groovy_libpodofo: not-affected (0.9.6+dfsg-5)
hirsute_libpodofo: not-affected (0.9.6+dfsg-5)
impish_libpodofo: not-affected (0.9.6+dfsg-5)
jammy_libpodofo: not-affected (0.9.6+dfsg-5)
devel_libpodofo: not-affected (0.9.6+dfsg-5)