suse · CVE-2019-16115

Quick triage

Priority: medium Published: 2021-05-30 14:31:40 UTC Updated: 2025-05-01 00:57:13 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-16115 severity moderate: SUSE including 43 source package names (libpoppler-cpp0, libpoppler-cpp0-0.43.0-16.28.1, …), 228 product×package rows across 50 product lines (SLES for SAP Applications 11 SP2, SLES for SAP Applications 11 SP3, … (50 product lines)): Known Not Affected 174, Fixed 54.

Description:

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.

cvelogic Threat Intelligence