CVE-2019-14934

moderate-risk

Published 2019-08-11

An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.

Do I need to act?

-

0.51% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (5)

Pdfresurrect

Fedora

Fedora

Fedora

Debian Linux

Affected Vendors

Debian Fedoraproject Pdfresurrect Project

References (12)

Patch https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded8...

Patch https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18

Mailing List https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Patch https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded8...

Patch https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18

Mailing List https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

38

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 12/34 · Low