SB2019032522 - Multiple vulnerabilities in xpdf




Published: March 25, 2019 Updated: August 8, 2020

Security Bulletin ID: SB2019032522
Severity: Medium
Patch available: NO
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2019-16927)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.


2) Division by zero (CVE-ID: CVE-2019-10019)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.


3) Division by zero (CVE-ID: CVE-2019-10020)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.


4) Division by zero (CVE-ID: CVE-2019-10021)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.


5) NULL pointer dereference (CVE-ID: CVE-2019-10022)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the function Gfx::opSetExtGState in Gfx.cc. A remote attacker can perform a denial of service (DoS) attack.


6) Division by zero (CVE-ID: CVE-2019-10023)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.


7) Division by zero (CVE-ID: CVE-2019-10024)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.


8) Division by zero (CVE-ID: CVE-2019-10025)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
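Items 4 and 8 both describe the same failure class: an image parameter read from the PDF (nComps or nBits) reaches an integer division with the value 0, and the process dies with SIGFPE. The example below is an added illustration of the defensive pattern, not Xpdf's code; the ImageParams struct, the MAX_COMPS limit and the function names are assumptions made for the example. It validates the untrusted parameters once, up front, so that every later computation that divides by them (here the buffer-sizing inverse in max_width_for_buffer) is unreachable with a zero divisor, and it also catches the related overflow in the row-size product.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical image-stream parameters taken from an untrusted PDF image
 * dictionary (/Width, colour-space component count, /BitsPerComponent).
 * Illustrative struct for this example, not Xpdf's ImageStream. */
typedef struct {
    int width;
    int nComps;
    int nBits;
} ImageParams;

#define MAX_COMPS 32   /* PDF /DeviceN colour spaces allow at most 32 components */

/* Reject anything that would later be used as a zero divisor or overflow
 * a row-size computation. Returns 0 if safe, -1 otherwise. */
int validate_image_params(const ImageParams *p)
{
    if (p->width <= 0 || p->nComps <= 0 || p->nBits <= 0)
        return -1;                     /* zero or negative: divide-by-zero / OOB risk */
    if (p->nComps > MAX_COMPS)
        return -1;
    if (p->nBits != 1 && p->nBits != 2 && p->nBits != 4 &&
        p->nBits != 8 && p->nBits != 16)
        return -1;                     /* not a legal BitsPerComponent value */
    /* width * nComps * nBits + 7 must fit in an int */
    if (p->width > INT_MAX / p->nComps)
        return -1;
    long long nVals = (long long)p->width * p->nComps;
    if (nVals > (INT_MAX - 7) / p->nBits)
        return -1;
    return 0;
}

/* Bytes needed for one packed row, or -1 if the parameters are unsafe. */
int row_bytes(const ImageParams *p)
{
    if (validate_image_params(p) != 0)
        return -1;
    long long bits = (long long)p->width * p->nComps * p->nBits;
    return (int)((bits + 7) / 8);
}

/* Inverse computation: how many samples fit in a buffer of the given size.
 * The divisor nComps * nBits comes straight from the file; without the guard,
 * a zero here is exactly the integer division that raises SIGFPE. */
int max_width_for_buffer(int buffer_bytes, int nComps, int nBits)
{
    ImageParams probe = { 1, nComps, nBits };
    if (buffer_bytes < 0 || validate_image_params(&probe) != 0)
        return -1;
    return (int)(((long long)buffer_bytes * 8) / ((long long)nComps * nBits));
}

int main(void)
{
    /* Constructed sample inputs: one sane image and three malformed ones */
    ImageParams cases[] = {
        { 100, 3, 8 },       /* ok: 300 bytes per row */
        { 100, 0, 8 },       /* nComps == 0 */
        { 100, 3, 0 },       /* nBits == 0 */
        { INT_MAX, 3, 8 },   /* row-size product would overflow */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("width=%d nComps=%d nBits=%d -> row_bytes=%d\n",
               cases[i].width, cases[i].nComps, cases[i].nBits,
               row_bytes(&cases[i]));
    return 0;
}
```

The point of validating in one place is that the parser has many arithmetic consumers of nComps and nBits (row sizing, buffer allocation, scaling steps), and each one is a separate crash site if the check is done ad hoc; a single rejecting validator at the dictionary boundary closes all of them at once.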


9) Division by zero (CVE-ID: CVE-2019-10026)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.