Bug 1128345 (CVE-2019-9587) - VUL-1: CVE-2019-9587: xpdf: stack consumption issue in md5Round1() located in Decrypt.cc
Status: RESOLVED INVALID
Alias: CVE-2019-9587
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P4 - Low, Severity: Minor
Target Milestone: ---
Assignee: Peter Simons
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/225705/
Whiteboard: CVSSv3:SUSE:CVE-2019-9587:3.3:(AV:L/A...
Keywords:
Depends on:
Blocks: 1133493
 
Reported: 2019-03-07 14:19 UTC by Robert Frohl
Modified: 2023-06-14 14:50 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Robert Frohl 2019-03-07 14:19:38 UTC
CVE-2019-9587

There is a stack consumption issue in md5Round1() located in Decrypt.cc in
Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for
example) the pdfimages binary. It allows an attacker to cause Denial of
Service (Segmentation fault) or possibly have unspecified other impact.
This is related to Catalog::countPageTree.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9587
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9587.html