CVE-2019-9878

{"id": "CVE-2019-9878", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-03-21T16:01:17.593", "references": [{"url": "https://github.com/kermitt2/pdfalto/issues/46", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."}, {"lang": "es", "value": "Hay un acceso inv\u00e1lido a la memoria en la funci\u00f3n GfxIndexedColorSpace::mapColorToBase(), ubicada en GfxState.cc en Xpdf 4.0.0, tal y como se emplea en pdfalto 0.2. Esto puede desencadenarse, por ejemplo, mediante el env\u00edo de un archivo pdf manipulado al binario pdftops. Permite que un atacante provoque una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o, posiblemente, otro impacto sin especificar."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pdfalto_project:pdfalto:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A5C3FA2-BD27-447F-B3E7-F3D7F48B4C04"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xpdfreader:xpdf:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABAE5F58-1321-4A0C-9022-864EA0759909"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}