CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13288

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.315

EPSS Ranking 96.6%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj
https://github.com/PanguL4b/pocs/tree/master/xpdf/stack-overflow_dos_Parser__getObj

Products affected by CVE-2019-13288

Glyphandcog » Xpdfreader » Version: 4.01.01

cpe:2.3:a:glyphandcog:xpdfreader:4.01.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13288

Products

Pricing

Contact Us