CVE-2019-15860

Published: 3 September 2019

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.

Notes

Author	Note
jdstrand	xpdf in koffice is 2.0
mdeslaur	no indication that poppler is vulnerable to this issue
ebarretto	xpdf in Debian uses poppler, which is not affected or fixed

5.5

Package	Release	Status
ipe Launchpad, Ubuntu, Debian	bionic	Needs triage
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Needs triage
poppler Launchpad, Ubuntu, Debian	bionic	Not vulnerable
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hirsute	Not vulnerable
	impish	Not vulnerable
	jammy	Not vulnerable
	kinetic	Not vulnerable
	lunar	Not vulnerable
	mantic	Not vulnerable
	trusty	Does not exist
	upstream	Needs triage
	xenial	Not vulnerable
xpdf Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	disco	Ignored (end of life)
	eoan	Ignored (end of life)
	focal	Does not exist
	groovy	Does not exist
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Not vulnerable (code not present)
	kinetic	Not vulnerable (code not present)
	lunar	Not vulnerable (code not present)
	mantic	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Not vulnerable (debian: xpdf in Debian uses poppler, which is fixed)
	xenial	Not vulnerable (code not present)

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.