CVE-2019-9588

{"id": "CVE-2019-9588", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-03-06T08:29:00.370", "references": [{"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."}, {"lang": "es", "value": "En la versi\u00f3n 4.01 de Xpdf, hay un acceso de memoria inv\u00e1lida en gAtomicIncrement() en GMutex.h Puede desencadenarse mediante el env\u00edo de un archivo pdf manipulado a, por ejemplo, el binario pdftops. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado."}], "lastModified": "2019-03-06T23:08:51.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E5C7A67-81A3-4BD3-A495-2F75C68F33EF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}