CVE-2019-12493

Priority
Description
A stack-based buffer over-read exists in PostScriptFunction::transform in
Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and
GfxDeviceNColorSpace mishandle tint transform functions. It can, for
example, be triggered by sending a crafted PDF document to the pdftops
tool. It might allow an attacker to cause Denial of Service or leak memory
data.
Notes
jdstrand: xpdf in koffice is 2.0
mdeslaur: as of 2019-07-23, xpdf commit not available.
ebarretto: Marking emscripten ignored as poppler code is only for test/example.
since 0.5.12-1 libextractor does not use xpdf anymore.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): ignored
Ubuntu 18.04 LTS (Bionic Beaver): ignored
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Package
Source: ipe (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (code not present)
Ubuntu 20.10 (Groovy Gorilla): not-affected (code not present)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (code not present)
Ubuntu 20.10 (Groovy Gorilla): not-affected (code not present)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (0.41.0-0ubuntu1.13)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (0.62.0-2ubuntu2.8)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (0.76.1-0ubuntu3)
Ubuntu 20.10 (Groovy Gorilla): not-affected (0.76.1-0ubuntu3)
Patches:
Upstream: https://gitlab.freedesktop.org/poppler/poppler/commit/37840827c4073dedfd37915a74eb8fe0c44843c3
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): deferred (2019-07-23)
Ubuntu 18.04 LTS (Bionic Beaver): deferred (2019-07-23)
Ubuntu 20.04 LTS (Focal Fossa): deferred (2019-07-23)
Ubuntu 20.10 (Groovy Gorilla): deferred (2019-07-23)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Package
Source: xpdf (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE

Updated: 2020-10-24 06:56:00 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)