CVE-2019-10019

Published: 24 March 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
ipe
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not present)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
libextractor
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not present)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
poppler
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(0.76.1-0ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.76.1-0ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.62.0-2ubuntu2.8)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.41.0-0ubuntu1.14)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://cgit.freedesktop.org/poppler/poppler/commit/?id=4552af28684e18c6153ce5598b121a73477af4d6
xpdf
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)

Notes

AuthorNote
jdstrand
xpdf in koffice is 2.0
pfsmorigo
since there is not public repository, just a tarball, I analised
the file in question (PSOutputDev.cc) with the affected version
and they seems the same

References

Bugs