CVE-2019-14267

high-risk

Published 2019-07-29

PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.

Do I need to act?

!

17.3% chance of exploitation in next 30 days

EPSS score — higher than 83% of all CVEs

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

!

1 public exploit available

47178

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (4)

Pdfresurrect

Fedora

Fedora

Fedora

Affected Vendors

Fedoraproject Pdfresurrect Project

References (12)

Exploit http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.ht...

Product https://github.com/enferex/pdfresurrect/commits/master

Third Party Advisory https://github.com/snappyJack/pdfresurrect_CVE-2019-14267

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Exploit http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.ht...

Product https://github.com/enferex/pdfresurrect/commits/master

Third Party Advisory https://github.com/snappyJack/pdfresurrect_CVE-2019-14267

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

54

/ 100

high-risk

Severity 24/34 · High

Exploitability 20/34 · Moderate

Exposure 10/34 · Low