Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-12958

Publication date 25 June 2019

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.5 · Medium

Score breakdown

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.

Read the notes from the security team

Status

Package Ubuntu Release Status
ipe 23.04 lunar
Not affected
22.10 kinetic
Not affected
22.04 LTS jammy
Not affected
21.10 impish
Not affected
21.04 hirsute
Not affected
20.10 groovy
Not affected
20.04 LTS focal
Not affected
19.10 eoan
Not affected
19.04 disco
Not affected
18.10 cosmic Ignored
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
libextractor 23.04 lunar
Not affected
22.10 kinetic
Not affected
22.04 LTS jammy
Not affected
21.10 impish
Not affected
21.04 hirsute
Not affected
20.10 groovy
Not affected
20.04 LTS focal
Not affected
19.10 eoan
Not affected
19.04 disco
Not affected
18.10 cosmic Ignored
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected
poppler 23.04 lunar
Fixed 0.57.0-2ubuntu4
22.10 kinetic
Fixed 0.57.0-2ubuntu4
22.04 LTS jammy
Fixed 0.57.0-2ubuntu4
21.10 impish
Fixed 0.57.0-2ubuntu4
21.04 hirsute
Fixed 0.57.0-2ubuntu4
20.10 groovy
Fixed 0.57.0-2ubuntu4
20.04 LTS focal
Fixed 0.57.0-2ubuntu4
19.10 eoan
Fixed 0.57.0-2ubuntu4
19.04 disco
Fixed 0.57.0-2ubuntu4
18.10 cosmic
Fixed 0.57.0-2ubuntu4
18.04 LTS bionic
Fixed 0.57.0-2ubuntu4
16.04 LTS xenial
Fixed 0.41.0-0ubuntu1.6
14.04 LTS trusty Not in release
xpdf 23.04 lunar
Not affected
22.10 kinetic
Not affected
22.04 LTS jammy
Not affected
21.10 impish Ignored
21.04 hirsute Ignored
20.10 groovy Not in release
20.04 LTS focal Not in release
19.10 eoan Ignored
19.04 disco Ignored
18.10 cosmic Ignored
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release

Notes

jdstrand

xpdf in koffice is 2.0

mdeslaur

looks like CVE-2017-14976 in poppler

ebarretto

since 0.5.12-1 libextractor does not use xpdf anymore. xpdf in Debian uses poppler, which is not affected or fixed

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
poppler

Severity score breakdown

Parameter Value
Base score 5.5 · Medium
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H