Vulnerability Name: | CVE-2019-14294 (CCN-165322) | ||||||||||||||||
Assigned: | 2019-07-10 | ||||||||||||||||
Published: | 2019-07-10 | ||||||||||||||||
Updated: | 2020-08-24 | ||||||||||||||||
Summary: | An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | ||||||||||||||||
CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)
| ||||||||||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
| ||||||||||||||||
Vulnerability Type: | CWE-125 CWE-416 | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2019-14294 Source: XF Type: UNKNOWN xpdf-cve201914294-code-exec(165322) Source: CCN Type: Xpdf Web page Some issues found in xpdf 4.01.01 Source: MISC Type: Exploit, Third Party Advisory https://forum.xpdfreader.com/viewtopic.php?f=3&t=41851 Source: MISC Type: Exploit, Third Party Advisory https://github.com/TeamSeri0us/pocs/tree/master/xpdf/4.01.01 | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |