Candidate: CVE-2019-9587
PublicDate: 2019-03-06 08:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9587
 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263
 https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/
Description:
 There is a stack consumption issue in md5Round1() located in Decrypt.cc in
 Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for
 example) the pdfimages binary. It allows an attacker to cause Denial of
 Service (Segmentation fault) or possibly have unspecified other impact.
 This is related to Catalog::countPageTree.
Ubuntu-Description:
Notes:
 jdstrand> xpdf in koffice is 2.0
 amurray> according to upstream this and CVE-2019-9588 might be one and the same issue
 mdeslaur> can't reproduce with poppler, no indication it is affected
 mdeslaur> as of 2022-01-05, xpdf commit not available.
 ebarretto> since 0.5.12-1 libextractor does not use xpdf anymore.
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_xpdf:
upstream_xpdf: needs-triage
precise/esm_xpdf: DNE
trusty_xpdf: ignored (reached end-of-life)
trusty/esm_xpdf: DNE (trusty was needs-triage)
xenial_xpdf: ignored (end of standard support, was needs-triage)
bionic_xpdf: needs-triage
cosmic_xpdf: ignored (reached end-of-life)
disco_xpdf: ignored (reached end-of-life)
eoan_xpdf: ignored (reached end-of-life)
focal_xpdf: DNE
groovy_xpdf: DNE
hirsute_xpdf: ignored (reached end-of-life)
impish_xpdf: needs-triage
jammy_xpdf: needs-triage
devel_xpdf: needs-triage

Patches_poppler:
upstream_poppler: needs-triage
precise/esm_poppler: DNE
trusty_poppler: ignored (reached end-of-life)
trusty/esm_poppler: DNE (trusty was needs-triage)
xenial_poppler: not-affected (0.41.0-0ubuntu1.13)
esm-infra/xenial_poppler: not-affected (0.41.0-0ubuntu1.13)
bionic_poppler: not-affected (0.62.0-2ubuntu2.8)
cosmic_poppler: not-affected (0.68.0-0ubuntu1.6)
disco_poppler: not-affected (0.74.0-0ubuntu1.1)
eoan_poppler: not-affected (0.76.1-0ubuntu3)
focal_poppler: not-affected (0.76.1-0ubuntu3)
groovy_poppler: not-affected (0.76.1-0ubuntu3)
hirsute_poppler: not-affected (0.76.1-0ubuntu3)
impish_poppler: not-affected (0.76.1-0ubuntu3)
jammy_poppler: not-affected (0.76.1-0ubuntu3)
devel_poppler: not-affected (0.76.1-0ubuntu3)

Patches_libextractor:
upstream_libextractor: needs-triage
precise/esm_libextractor: DNE
trusty_libextractor: ignored (reached end-of-life)
trusty/esm_libextractor: DNE (trusty was needs-triage)
xenial_libextractor: not-affected (code not present)
bionic_libextractor: not-affected (code not present)
cosmic_libextractor: ignored (reached end-of-life)
disco_libextractor: not-affected (code not present)
eoan_libextractor: not-affected (code not present)
focal_libextractor: not-affected (code not present)
groovy_libextractor: not-affected (code not present)
hirsute_libextractor: not-affected (code not present)
impish_libextractor: not-affected (code not present)
jammy_libextractor: not-affected (code not present)
devel_libextractor: not-affected (code not present)

Patches_ipe:
upstream_ipe: needs-triage
precise/esm_ipe: DNE
trusty_ipe: ignored (reached end-of-life)
trusty/esm_ipe: DNE (trusty was needs-triage)
xenial_ipe: not-affected (code not present)
bionic_ipe: not-affected (code not present)
cosmic_ipe: ignored (reached end-of-life)
disco_ipe: not-affected (code not present)
eoan_ipe: not-affected (code not present)
focal_ipe: not-affected (code not present)
groovy_ipe: not-affected (code not present)
hirsute_ipe: not-affected (code not present)
impish_ipe: not-affected (code not present)
jammy_ipe: not-affected (code not present)
devel_ipe: not-affected (code not present)

Patches_texlive-bin:
upstream_texlive-bin: needs-triage
precise/esm_texlive-bin: DNE
trusty_texlive-bin: ignored (reached end-of-life)
trusty/esm_texlive-bin: DNE (trusty was needs-triage)
xenial_texlive-bin: ignored (end of standard support, was deferred [2022-01-05])
esm-infra/xenial_texlive-bin: deferred
bionic_texlive-bin: deferred
cosmic_texlive-bin: ignored (reached end-of-life)
disco_texlive-bin: ignored (reached end-of-life)
eoan_texlive-bin: ignored (reached end-of-life)
focal_texlive-bin: deferred
groovy_texlive-bin: ignored (reached end-of-life)
hirsute_texlive-bin: ignored (reached end-of-life)
impish_texlive-bin: deferred
jammy_texlive-bin: deferred
devel_texlive-bin: deferred

Patches_utopia-documents:
upstream_utopia-documents: needs-triage
precise/esm_utopia-documents: DNE
trusty_utopia-documents: DNE
trusty/esm_utopia-documents: DNE
xenial_utopia-documents: DNE
bionic_utopia-documents: DNE
cosmic_utopia-documents: DNE
disco_utopia-documents: DNE
eoan_utopia-documents: DNE
focal_utopia-documents: DNE
groovy_utopia-documents: DNE
hirsute_utopia-documents: DNE
impish_utopia-documents: DNE
jammy_utopia-documents: DNE
devel_utopia-documents: DNE