5.5

CVE-2019-17064

Exploit
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GlyphandcogXpdfreader Version4.02
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.41% 0.694
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html
Third Party Advisory
Exploit
VDB Entry
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890
Patch
Vendor Advisory
Exploit
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/