UBUNTU-CVE-2019-12360

Source
https://ubuntu.com/security/CVE-2019-12360
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-12360.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-12360
Related
Published
2019-05-27T23:29:00Z
Modified
2024-10-15T14:06:50Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

References

Affected packages

Ubuntu:16.04:LTS / poppler

Package

Name
poppler
Purl
pkg:deb/ubuntu/poppler?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.41.0-0ubuntu1.13

Affected versions

0.*

0.33.0-0ubuntu3
0.37.0-0ubuntu1
0.38.0-0ubuntu1
0.41.0-0ubuntu1
0.41.0-0ubuntu1.1
0.41.0-0ubuntu1.2
0.41.0-0ubuntu1.3
0.41.0-0ubuntu1.4
0.41.0-0ubuntu1.5
0.41.0-0ubuntu1.6
0.41.0-0ubuntu1.7
0.41.0-0ubuntu1.8
0.41.0-0ubuntu1.9
0.41.0-0ubuntu1.10
0.41.0-0ubuntu1.11
0.41.0-0ubuntu1.12

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "gir1.2-poppler-0.18"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "gir1.2-poppler-0.18-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-cpp-dev"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-cpp-dev-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-cpp0"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-cpp0-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-dev"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-dev-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-glib-dev"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-glib-dev-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-glib-doc"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-glib8"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-glib8-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-private-dev"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-private-dev-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt4-4"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt4-4-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt4-dev"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt4-dev-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt5-1"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt5-1-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt5-dev"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler-qt5-dev-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler58"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "libpoppler58-dbgsym"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "poppler-dbg"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "poppler-utils"
        },
        {
            "binary_version": "0.41.0-0ubuntu1.13",
            "binary_name": "poppler-utils-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2015.*

2015.20150524.37493-5build1
2015.20150524.37493-7
2015.20150524.37493-7build1
2015.20150524.37493-7build4
2015.20160222.37495-1
2015.20160222.37495-1ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / emscripten

Package

Name
emscripten
Purl
pkg:deb/ubuntu/emscripten?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.1-1build1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:18.04:LTS / poppler

Package

Name
poppler
Purl
pkg:deb/ubuntu/poppler?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.62.0-2ubuntu2.8

Affected versions

0.*

0.57.0-2ubuntu4
0.57.0-2ubuntu5
0.62.0-1ubuntu1
0.62.0-2ubuntu1
0.62.0-2ubuntu2
0.62.0-2ubuntu2.1
0.62.0-2ubuntu2.2
0.62.0-2ubuntu2.4
0.62.0-2ubuntu2.5
0.62.0-2ubuntu2.6
0.62.0-2ubuntu2.7

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "gir1.2-poppler-0.18"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-cpp-dev"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-cpp0v5"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-cpp0v5-dbgsym"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-dev"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-glib-dev"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-glib-doc"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-glib8"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-glib8-dbgsym"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-private-dev"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-qt5-1"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-qt5-1-dbgsym"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler-qt5-dev"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler73"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "libpoppler73-dbgsym"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "poppler-utils"
        },
        {
            "binary_version": "0.62.0-2ubuntu2.8",
            "binary_name": "poppler-utils-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2017.*

2017.20170613.44572-5build1
2017.20170613.44572-5build2
2017.20170613.44572-6
2017.20170613.44572-6build1
2017.20170613.44572-6ubuntu1
2017.20170613.44572-8build1
2017.20170613.44572-8ubuntu0.1
2017.20170613.44572-8ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / emscripten

Package

Name
emscripten
Purl
pkg:deb/ubuntu/emscripten?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.1-1build1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2019.*

2019.20190605.51237-2build1
2019.20190605.51237-3
2019.20190605.51237-3build1
2019.20190605.51237-3build2
2019.20190605.51237-3ubuntu0.1
2019.20190605.51237-3ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / emscripten

Package

Name
emscripten
Purl
pkg:deb/ubuntu/emscripten?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.13~dfsg-1

3.*

3.1.1~dfsg+~1.39.6-5ubuntu4
3.1.2~dfsg+~1.39.6-6ubuntu1
3.1.3~dfsg-4ubuntu1
3.1.3~dfsg-5ubuntu1
3.1.4~dfsg-7ubuntu1
3.1.5~dfsg-3ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2020.*

2020.20200327.54578-7
2020.20200327.54578-7build1

2021.*

2021.20210626.59705-1
2021.20210626.59705-1build1
2021.20210626.59705-1ubuntu0.1
2021.20210626.59705-1ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / emscripten

Package

Name
emscripten
Purl
pkg:deb/ubuntu/emscripten?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.6~dfsg-7
3.1.6~dfsg-9

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.20230311.66589-9build3

2024.*

2024.20240313.70630+ds-2
2024.20240313.70630+ds-4

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / emscripten

Package

Name
emscripten
Purl
pkg:deb/ubuntu/emscripten?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.6~dfsg-5
3.1.6~dfsg-6
3.1.6~dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/ubuntu/texlive-bin?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2023.*

2023.20230311.66589-6
2023.20230311.66589-7
2023.20230311.66589-8
2023.20230311.66589-8build1
2023.20230311.66589-9
2023.20230311.66589-9build2
2023.20230311.66589-9build3

Ecosystem specific

{
    "ubuntu_priority": "low"
}