CVE-2019-17064 - Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too

CVE-2019-17064

Summary

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

References

Vulnerable Configurations

cpe:2.3:a:glyphandcog:xpdfreader:4.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:4.02:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

fedora	FEDORA-2019-224d8cb07a FEDORA-2019-b890d4aad2
misc	http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890

Last major update

10-12-2019 - 05:15

Published

01-10-2019 - 16:15

Last modified

10-12-2019 - 05:15