In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
{ "binaries": [ { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "gir1.2-poppler-0.18" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-cpp-dev" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-cpp0" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-dev" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-glib-dev" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-glib8" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-private-dev" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-qt4-4" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-qt4-dev" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-qt5-1" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler-qt5-dev" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "libpoppler58" }, { "binary_version": "0.41.0-0ubuntu1.15", "binary_name": "poppler-utils" } ], "availability": "No subscription required" }