CVE-2019-10023

Published: 24 March 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
ipe
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(code not present)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(code not present)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not present)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
libextractor
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(code not present)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not present)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [code not present])
poppler
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(0.76.1-0ubuntu3)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(0.76.1-0ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(0.76.1-0ubuntu3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(0.62.0-2ubuntu2.8)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.41.0-0ubuntu1.14)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
Patches:
Upstream: https://cgit.freedesktop.org/poppler/poppler/commit/?id=e2ab2fa9d8c41e0115b2c276a2594cd2f7c217e6
xpdf
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Needed

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)

Notes

AuthorNote
jdstrand
xpdf in koffice is 2.0
pfsmorigo
since there is not public repository, just a tarball, I analised
the file in question (Function.cc) with the affected version and
they seems the same
mdeslaur
same commit as CVE-2019-10018

References

Bugs