CVE-2019-9587
PUBLISHED
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
Risk Scores
EPSS Score
0.34%
56.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | texlive-bin | 2024.20240313.70630+ds-6ubuntu2, 2024.20240313.70630+ds-6, 0 |
| Ubuntu:24.04:LTS | texlive-bin | 2023.20230311.66589-9, 2023.20230311.66589-8build1, 2023.20230311.66589-8 |
| Ubuntu:Pro:16.04:LTS | texlive-bin | 2015.20150524.37493-7, 2015.20160222.37495-1ubuntu0.1, 2015.20160222.37495-1ubuntu0.1+esm1 |
| Ubuntu:22.04:LTS | texlive-bin | 2021.20210626.59705-1ubuntu0.2, 2020.20200327.54578-7build1, 2021.20210626.59705-1 |
| Ubuntu:Pro:18.04:LTS | texlive-bin | 2017.20170613.44572-6, *, 0 |
| Ubuntu:Pro:20.04:LTS | texlive-bin | 0, 2019.20190605.51237-2build1, 2019.20190605.51237-3 |
Timeline
- Mar 6, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-9587 third-party-advisory
- https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263 third-party-advisory
- https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-9587 third-party-advisory