{"vulnerability": "CVE-2019-1328", "sightings": [{"uuid": "b467002b-c2a5-482b-9422-fbd186b431da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13288", "type": "published-proof-of-concept", "source": "Telegram/PNqx4mPxzvoY1f0aHe2XEAcZZ2H_iuuNkXFI5Jgyv6X5z1w", "content": "", "creation_timestamp": "2025-12-28T21:00:05.000000Z"}, {"uuid": "778bc418-224e-4bc5-8f3b-3e1c5df079e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13281", "type": "published-proof-of-concept", "source": "https://t.me/cveNotify/206", "content": "\ud83d\udea8 #CVE-2019-13281\nIn Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in http://Stream.cc\u00a0 when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext ... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13281\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:00:00.000000Z"}, {"uuid": "53696e39-c941-49e0-a120-6290a0293386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13288", "type": "seen", "source": "https://t.me/arpsyndicate/2116", "content": "#ExploitObserverAlert\n\nCVE-2019-13288\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2019-13288. In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.\n\nFIRST-EPSS: 0.000860000\nNVD-IS: 3.6\nNVD-ES: 1.8", "creation_timestamp": "2023-12-23T10:47:42.000000Z"}, {"uuid": "88b1926d-f2f9-43a1-b90f-ba14ab03980d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13282", "type": "published-proof-of-concept", "source": "https://t.me/cveNotify/207", "content": "\ud83d\udea8 #CVE-2019-13282\nIn Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in http://Function.cc\u00a0 when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pd... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13282\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:00:00.000000Z"}, {"uuid": "83e64f1f-48fc-4204-bfc6-a29bb0bc0b62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13283", "type": "seen", "source": "https://t.me/cveNotify/208", "content": "\ud83d\udea8 #CVE-2019-13283\nIn Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for e... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13283\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:00:01.000000Z"}, {"uuid": "49b5535a-3d23-4722-80a9-5afa5f923635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13286", "type": "published-proof-of-concept", "source": "https://t.me/cveNotify/209", "content": "\ud83d\udea8 #CVE-2019-13286\nIn Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at http://JBIG2Stream.cc\u00a0. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It migh... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13286\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:59:53.000000Z"}, {"uuid": "3585c20f-9f4a-4cd2-b919-e22ef6337cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13287", "type": "seen", "source": "https://t.me/cveNotify/210", "content": "\ud83d\udea8 #CVE-2019-13287\nIn Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It mig... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13287\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:59:54.000000Z"}, {"uuid": "19bd3c63-c3a1-481d-9329-d5126ff06d21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13288", "type": "seen", "source": "https://t.me/cveNotify/211", "content": "\ud83d\udea8 #CVE-2019-13288\nIn Xpdf 4.01.01, the Parser::getObj() function in http://Parser.cc\u00a0 may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13288\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:59:55.000000Z"}, {"uuid": "83e501cf-8074-4f81-bb53-16345c841cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13289", "type": "published-proof-of-concept", "source": "https://t.me/cveNotify/212", "content": "\ud83d\udea8 #CVE-2019-13289\nIn Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at http://JBIG2Stream.cc\u00a0. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13289\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-04T23:59:55.000000Z"}, {"uuid": "22bad974-3f07-4a05-bf1c-8d4f05c8aeb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-13285", "type": "seen", "source": "https://t.me/cibsecurity/11799", "content": "ATENTION\u203c New - CVE-2019-13285\n\nCoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-05-04T18:29:13.000000Z"}]}